Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2017-05-11T02:28:22Z DEBUG Logging to /var/log/ipaserver-install.log
- 2017-05-11T02:28:22Z DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'ignore_topology_disconnect': None, 'verbose': False, 'ip_addresses': None, 'domainlevel': None, 'mkhomedir': None, 'http_cert_files': None, 'no_ntp': None, 'reverse_zones': None, 'no_forwarders': None, 'external_ca_type': None, 'ssh_trust_dns': None, 'domain_name': None, 'idmax': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'ca_signing_algorithm': None, 'no_reverse': None, 'subject': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'ignore_last_of_role': None, 'realm_name': None, 'forwarders': None, 'idstart': None, 'external_ca': None, 'no_ssh': None, 'external_cert_files': None, 'no_hbac_allow': None, 'forward_policy': None, 'dirsrv_cert_name': None, 'ca_cert_files': None, 'zonemgr': None, 'quiet': False, 'setup_dns': None, 'host_name': None, 'dirsrv_config_file': None, 'log_file': None, 'allow_zone_overlap': None, 'uninstall': False}
- 2017-05-11T02:28:22Z DEBUG IPA version 4.4.0-14.el7.centos.7
- 2017-05-11T02:28:22Z DEBUG Starting external process
- 2017-05-11T02:28:22Z DEBUG args=/usr/sbin/selinuxenabled
- 2017-05-11T02:28:22Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:22Z DEBUG stdout=
- 2017-05-11T02:28:22Z DEBUG stderr=
- 2017-05-11T02:28:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:22Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:28:22Z DEBUG httpd is not configured
- 2017-05-11T02:28:22Z DEBUG kadmin is not configured
- 2017-05-11T02:28:22Z DEBUG dirsrv is not configured
- 2017-05-11T02:28:22Z DEBUG pki-tomcatd is not configured
- 2017-05-11T02:28:22Z DEBUG install is not configured
- 2017-05-11T02:28:22Z DEBUG krb5kdc is not configured
- 2017-05-11T02:28:22Z DEBUG ntpd is not configured
- 2017-05-11T02:28:22Z DEBUG named is not configured
- 2017-05-11T02:28:22Z DEBUG ipa_memcached is not configured
- 2017-05-11T02:28:22Z DEBUG filestore is tracking no files
- 2017-05-11T02:28:22Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
- 2017-05-11T02:28:22Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:28:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:22Z DEBUG Starting external process
- 2017-05-11T02:28:22Z DEBUG args=/bin/systemctl is-enabled chronyd.service
- 2017-05-11T02:28:22Z DEBUG Process finished, return code=1
- 2017-05-11T02:28:22Z DEBUG stdout=
- 2017-05-11T02:28:22Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory
- 2017-05-11T02:28:22Z DEBUG Starting external process
- 2017-05-11T02:28:22Z DEBUG args=/bin/systemctl is-active chronyd.service
- 2017-05-11T02:28:22Z DEBUG Process finished, return code=3
- 2017-05-11T02:28:22Z DEBUG stdout=unknown
- 2017-05-11T02:28:22Z DEBUG stderr=
- 2017-05-11T02:28:22Z DEBUG Starting external process
- 2017-05-11T02:28:22Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
- 2017-05-11T02:28:23Z DEBUG Process finished, return code=1
- 2017-05-11T02:28:23Z DEBUG stdout=
- 2017-05-11T02:28:23Z DEBUG stderr=AH00544: httpd: bad group name apache
- 2017-05-11T02:28:23Z DEBUG WARNING: cannot check if port 443 is already configured
- 2017-05-11T02:28:23Z DEBUG httpd returned error when checking: Command '/usr/sbin/httpd -t -D DUMP_VHOSTS' returned non-zero exit status 1
- 2017-05-11T02:28:28Z DEBUG Check if ipa.rdlg.net is a primary hostname for localhost
- 2017-05-11T02:28:28Z DEBUG Primary hostname for localhost: ipa.rdlg.net
- 2017-05-11T02:28:28Z DEBUG Search DNS for ipa.rdlg.net
- 2017-05-11T02:28:28Z DEBUG Check if ipa.rdlg.net is not a CNAME
- 2017-05-11T02:28:28Z DEBUG Check reverse address of 172.20.0.200
- 2017-05-11T02:28:28Z DEBUG Found reverse name: ipa.rdlg.net
- 2017-05-11T02:28:28Z DEBUG will use host_name: ipa.rdlg.net
- 2017-05-11T02:28:29Z DEBUG read domain_name: rdlg.net
- 2017-05-11T02:28:29Z DEBUG read realm_name: RDLG.NET
- 2017-05-11T02:28:48Z DEBUG importing all plugin modules in ipaserver.plugins...
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.aci
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.automember
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.automount
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.baseldap
- 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.baseuser
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.batch
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.ca
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.caacl
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.cert
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.certprofile
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.config
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.delegation
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.dns
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.dnsserver
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.dogtag
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.domainlevel
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.group
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbac
- 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbacrule
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbactest
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.host
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hostgroup
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.idrange
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.idviews
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.internal
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.join
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.ldap2
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.location
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.migration
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.misc
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.netgroup
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.otp
- 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.otp is not a valid plugin module
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.otpconfig
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.otptoken
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.passwd
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.permission
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.ping
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.pkinit
- 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.privilege
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
- 2017-05-11T02:28:48Z DEBUG Starting external process
- 2017-05-11T02:28:48Z DEBUG args=klist -V
- 2017-05-11T02:28:48Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:48Z DEBUG stdout=Kerberos 5 version 1.14.1
- 2017-05-11T02:28:48Z DEBUG stderr=
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.rabase
- 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.realmdomains
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.role
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.schema
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.selfservice
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.server
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.serverrole
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.serverroles
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.service
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.session
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.stageuser
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudo
- 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudocmd
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudorule
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.topology
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.trust
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.user
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.vault
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.virtual
- 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.xmlserver
- 2017-05-11T02:28:48Z DEBUG importing all plugin modules in ipaserver.install.plugins...
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.dns
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_services
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
- 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
- 2017-05-11T02:28:49Z DEBUG Name ipa.rdlg.net. resolved to set([UnsafeIPAddress('2001:470:4b:57c::200'), UnsafeIPAddress('172.20.0.200')])
- 2017-05-11T02:28:49Z WARNING Invalid IP address 2001:470:4b:57c::200 for ipa.rdlg.net: no network interface matches the IP address and netmask 2001:470:4b:57c::200
- 2017-05-11T02:28:53Z DEBUG group dirsrv exists
- 2017-05-11T02:28:53Z DEBUG user dirsrv exists
- 2017-05-11T02:28:53Z DEBUG Starting external process
- 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-enabled chronyd.service
- 2017-05-11T02:28:53Z DEBUG Process finished, return code=1
- 2017-05-11T02:28:53Z DEBUG stdout=
- 2017-05-11T02:28:53Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory
- 2017-05-11T02:28:53Z DEBUG Starting external process
- 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-active chronyd.service
- 2017-05-11T02:28:53Z DEBUG Process finished, return code=3
- 2017-05-11T02:28:53Z DEBUG stdout=unknown
- 2017-05-11T02:28:53Z DEBUG stderr=
- 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:53Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:28:53Z DEBUG Configuring NTP daemon (ntpd)
- 2017-05-11T02:28:53Z DEBUG [1/4]: stopping ntpd
- 2017-05-11T02:28:53Z DEBUG Starting external process
- 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-active ntpd.service
- 2017-05-11T02:28:53Z DEBUG Process finished, return code=3
- 2017-05-11T02:28:53Z DEBUG stdout=unknown
- 2017-05-11T02:28:53Z DEBUG stderr=
- 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:53Z DEBUG Starting external process
- 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl stop ntpd.service
- 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:53Z DEBUG stdout=
- 2017-05-11T02:28:53Z DEBUG stderr=
- 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:53Z DEBUG [2/4]: writing configuration
- 2017-05-11T02:28:53Z DEBUG Backing up system configuration file '/etc/ntp.conf'
- 2017-05-11T02:28:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:28:53Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
- 2017-05-11T02:28:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:53Z DEBUG [3/4]: configuring ntpd to start on boot
- 2017-05-11T02:28:53Z DEBUG Starting external process
- 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-enabled ntpd.service
- 2017-05-11T02:28:53Z DEBUG Process finished, return code=1
- 2017-05-11T02:28:53Z DEBUG stdout=disabled
- 2017-05-11T02:28:53Z DEBUG stderr=
- 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:53Z DEBUG Starting external process
- 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl enable ntpd.service
- 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:53Z DEBUG stdout=
- 2017-05-11T02:28:53Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
- 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:53Z DEBUG [4/4]: starting ntpd
- 2017-05-11T02:28:53Z DEBUG Starting external process
- 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl start ntpd.service
- 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:53Z DEBUG stdout=
- 2017-05-11T02:28:53Z DEBUG stderr=
- 2017-05-11T02:28:53Z DEBUG Starting external process
- 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-active ntpd.service
- 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:53Z DEBUG stdout=active
- 2017-05-11T02:28:53Z DEBUG stderr=
- 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:53Z DEBUG Done configuring NTP daemon (ntpd).
- 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:53Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute
- 2017-05-11T02:28:53Z DEBUG [1/47]: creating directory server user
- 2017-05-11T02:28:53Z DEBUG group dirsrv exists
- 2017-05-11T02:28:53Z DEBUG user dirsrv exists
- 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:53Z DEBUG [2/47]: creating directory server instance
- 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:28:53Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
- 2017-05-11T02:28:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:28:53Z DEBUG
- dn: dc=rdlg,dc=net
- objectClass: top
- objectClass: domain
- objectClass: pilotObject
- dc: rdlg
- info: IPA V2.0
- 2017-05-11T02:28:53Z DEBUG writing inf template
- 2017-05-11T02:28:53Z DEBUG
- [General]
- FullMachineName= ipa.rdlg.net
- SuiteSpotUserID= dirsrv
- SuiteSpotGroup= dirsrv
- ServerRoot= /usr/lib64/dirsrv
- [slapd]
- ServerPort= 389
- ServerIdentifier= RDLG-NET
- Suffix= dc=rdlg,dc=net
- RootDN= cn=Directory Manager
- InstallLdifFile= /var/lib/dirsrv/boot.ldif
- inst_dir= /var/lib/dirsrv/scripts-RDLG-NET
- 2017-05-11T02:28:53Z DEBUG calling setup-ds.pl
- 2017-05-11T02:28:53Z DEBUG Starting external process
- 2017-05-11T02:28:53Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpmiLtpo
- 2017-05-11T02:28:56Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:56Z DEBUG stdout=[17/05/10:20:28:56] - [Setup] Info Your new DS instance 'RDLG-NET' was successfully created.
- Your new DS instance 'RDLG-NET' was successfully created.
- [17/05/10:20:28:56] - [Setup] Success Exiting . . .
- Log file is '-'
- Exiting . . .
- Log file is '-'
- 2017-05-11T02:28:56Z DEBUG stderr=
- 2017-05-11T02:28:56Z DEBUG completed creating ds instance
- 2017-05-11T02:28:56Z DEBUG duration: 2 seconds
- 2017-05-11T02:28:56Z DEBUG [3/47]: updating configuration in dse.ldif
- 2017-05-11T02:28:56Z DEBUG Starting external process
- 2017-05-11T02:28:56Z DEBUG args=/bin/systemctl stop dirsrv@RDLG-NET.service
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=
- 2017-05-11T02:28:57Z DEBUG stderr=
- 2017-05-11T02:28:57Z DEBUG duration: 1 seconds
- 2017-05-11T02:28:57Z DEBUG [4/47]: restarting directory server
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl --system daemon-reload
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=
- 2017-05-11T02:28:57Z DEBUG stderr=
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=
- 2017-05-11T02:28:57Z DEBUG stderr=
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=active
- 2017-05-11T02:28:57Z DEBUG stderr=
- 2017-05-11T02:28:57Z DEBUG wait_for_open_ports: localhost [389] timeout 300
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=active
- 2017-05-11T02:28:57Z DEBUG stderr=
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [5/47]: adding default schema
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [6/47]: enabling memberof plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpKgPX2M
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-pluginenabled:
- on
- add memberofgroupattr:
- memberUser
- add memberofgroupattr:
- memberHost
- modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [7/47]: enabling winsync plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpF3BdZ4
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- ipa-winsync
- add nsslapd-pluginpath:
- libipa_winsync
- add nsslapd-plugininitfunc:
- ipa_winsync_plugin_init
- add nsslapd-pluginDescription:
- Allows IPA to work with the DS windows sync feature
- add nsslapd-pluginid:
- ipa-winsync
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- Red Hat
- add nsslapd-plugintype:
- preoperation
- add nsslapd-pluginenabled:
- on
- add nsslapd-plugin-depends-on-type:
- database
- add ipaWinSyncRealmFilter:
- (objectclass=krbRealmContainer)
- add ipaWinSyncRealmAttr:
- cn
- add ipaWinSyncNewEntryFilter:
- (cn=ipaConfig)
- add ipaWinSyncNewUserOCAttr:
- ipauserobjectclasses
- add ipaWinSyncUserFlatten:
- true
- add ipaWinsyncHomeDirAttr:
- ipaHomesRootDir
- add ipaWinsyncLoginShellAttr:
- ipaDefaultLoginShell
- add ipaWinSyncDefaultGroupAttr:
- ipaDefaultPrimaryGroup
- add ipaWinSyncDefaultGroupFilter:
- (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
- add ipaWinSyncAcctDisable:
- both
- add ipaWinSyncForceSync:
- true
- add ipaWinSyncUserAttr:
- uidNumber -1
- gidNumber -1
- adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [8/47]: configuring replication version plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpqxOMrO
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- IPA Version Replication
- add nsslapd-pluginpath:
- libipa_repl_version
- add nsslapd-plugininitfunc:
- repl_version_plugin_init
- add nsslapd-plugintype:
- preoperation
- add nsslapd-pluginenabled:
- off
- add nsslapd-pluginid:
- ipa_repl_version
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- Red Hat, Inc.
- add nsslapd-plugindescription:
- IPA Replication version plugin
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-plugin-depends-on-named:
- Multimaster Replication Plugin
- adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [9/47]: enabling IPA enrollment plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp09vPNA -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpErHyRi
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- ipa_enrollment_extop
- add nsslapd-pluginpath:
- libipa_enrollment_extop
- add nsslapd-plugininitfunc:
- ipaenrollment_init
- add nsslapd-plugintype:
- extendedop
- add nsslapd-pluginenabled:
- on
- add nsslapd-pluginid:
- ipa_enrollment_extop
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- RedHat
- add nsslapd-plugindescription:
- Enroll hosts into the IPA domain
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-realmTree:
- dc=rdlg,dc=net
- adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [10/47]: enabling ldapi
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpSGtAJI -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp2x05Y4
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-ldapilisten:
- on
- modifying entry "cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [11/47]: configuring uniqueness plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpsHfFGc -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpW0Bzu0
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- krbPrincipalName uniqueness
- add nsslapd-pluginPath:
- libattr-unique-plugin
- add nsslapd-pluginInitfunc:
- NSUniqueAttr_Init
- add nsslapd-pluginType:
- preoperation
- add nsslapd-pluginEnabled:
- on
- add uniqueness-attribute-name:
- krbPrincipalName
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-pluginId:
- NSUniqueAttr
- add nsslapd-pluginVersion:
- 1.1.0
- add nsslapd-pluginVendor:
- Fedora Project
- add nsslapd-pluginDescription:
- Enforce unique attribute values
- add uniqueness-subtrees:
- dc=rdlg,dc=net
- add uniqueness-exclude-subtrees:
- cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net
- add uniqueness-across-all-subtrees:
- on
- adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- krbCanonicalName uniqueness
- add nsslapd-pluginPath:
- libattr-unique-plugin
- add nsslapd-pluginInitfunc:
- NSUniqueAttr_Init
- add nsslapd-pluginType:
- preoperation
- add nsslapd-pluginEnabled:
- on
- add uniqueness-attribute-name:
- krbCanonicalName
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-pluginId:
- NSUniqueAttr
- add nsslapd-pluginVersion:
- 1.1.0
- add nsslapd-pluginVendor:
- Fedora Project
- add nsslapd-pluginDescription:
- Enforce unique attribute values
- add uniqueness-subtrees:
- dc=rdlg,dc=net
- add uniqueness-exclude-subtrees:
- cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net
- add uniqueness-across-all-subtrees:
- on
- adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- netgroup uniqueness
- add nsslapd-pluginPath:
- libattr-unique-plugin
- add nsslapd-pluginInitfunc:
- NSUniqueAttr_Init
- add nsslapd-pluginType:
- preoperation
- add nsslapd-pluginEnabled:
- on
- add uniqueness-attribute-name:
- cn
- add uniqueness-subtrees:
- cn=ng,cn=alt,dc=rdlg,dc=net
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-pluginId:
- NSUniqueAttr
- add nsslapd-pluginVersion:
- 1.1.0
- add nsslapd-pluginVendor:
- Fedora Project
- add nsslapd-pluginDescription:
- Enforce unique attribute values
- adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- ipaUniqueID uniqueness
- add nsslapd-pluginPath:
- libattr-unique-plugin
- add nsslapd-pluginInitfunc:
- NSUniqueAttr_Init
- add nsslapd-pluginType:
- preoperation
- add nsslapd-pluginEnabled:
- on
- add uniqueness-attribute-name:
- ipaUniqueID
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-pluginId:
- NSUniqueAttr
- add nsslapd-pluginVersion:
- 1.1.0
- add nsslapd-pluginVendor:
- Fedora Project
- add nsslapd-pluginDescription:
- Enforce unique attribute values
- add uniqueness-subtrees:
- dc=rdlg,dc=net
- add uniqueness-exclude-subtrees:
- cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net
- add uniqueness-across-all-subtrees:
- on
- adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- sudorule name uniqueness
- add nsslapd-pluginDescription:
- Enforce unique attribute values
- add nsslapd-pluginPath:
- libattr-unique-plugin
- add nsslapd-pluginInitfunc:
- NSUniqueAttr_Init
- add nsslapd-pluginType:
- preoperation
- add nsslapd-pluginEnabled:
- on
- add uniqueness-attribute-name:
- cn
- add uniqueness-subtrees:
- cn=sudorules,cn=sudo,dc=rdlg,dc=net
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-pluginId:
- NSUniqueAttr
- add nsslapd-pluginVersion:
- 1.1.0
- add nsslapd-pluginVendor:
- Fedora Project
- adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [12/47]: configuring uuid plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpL6kr5k
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- IPA UUID
- add nsslapd-pluginpath:
- libipa_uuid
- add nsslapd-plugininitfunc:
- ipauuid_init
- add nsslapd-plugintype:
- preoperation
- add nsslapd-pluginenabled:
- on
- add nsslapd-pluginid:
- ipauuid_version
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- Red Hat, Inc.
- add nsslapd-plugindescription:
- IPA UUID plugin
- add nsslapd-plugin-depends-on-type:
- database
- adding new entry "cn=IPA UUID,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp14Pbo1 -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp7aYOtv
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
- top
- extensibleObject
- add cn:
- IPA Unique IDs
- add ipaUuidAttr:
- ipaUniqueID
- add ipaUuidMagicRegen:
- autogenerate
- add ipaUuidFilter:
- (|(objectclass=ipaObject)(objectclass=ipaAssociation))
- add ipaUuidScope:
- dc=rdlg,dc=net
- add ipaUuidEnforce:
- TRUE
- adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
- modify complete
- add objectclass:
- top
- extensibleObject
- add cn:
- IPK11 Unique IDs
- add ipaUuidAttr:
- ipk11UniqueID
- add ipaUuidMagicRegen:
- autogenerate
- add ipaUuidFilter:
- (objectclass=ipk11Object)
- add ipaUuidScope:
- dc=rdlg,dc=net
- add ipaUuidEnforce:
- FALSE
- adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [13/47]: configuring modrdn plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp36QY6G
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- IPA MODRDN
- add nsslapd-pluginpath:
- libipa_modrdn
- add nsslapd-plugininitfunc:
- ipamodrdn_init
- add nsslapd-plugintype:
- betxnpostoperation
- add nsslapd-pluginenabled:
- on
- add nsslapd-pluginid:
- ipamodrdn_version
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- Red Hat, Inc.
- add nsslapd-plugindescription:
- IPA MODRDN plugin
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-pluginPrecedence:
- 60
- adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp6u9s0U -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpr8Hixk
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
- top
- extensibleObject
- add cn:
- Kerberos Principal Name
- add ipaModRDNsourceAttr:
- uid
- add ipaModRDNtargetAttr:
- krbPrincipalName
- add ipaModRDNsuffix:
- @RDLG.NET
- add ipaModRDNfilter:
- (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
- add ipaModRDNscope:
- dc=rdlg,dc=net
- adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
- modify complete
- add objectclass:
- top
- extensibleObject
- add cn:
- Kerberos Canonical Name
- add ipaModRDNsourceAttr:
- uid
- add ipaModRDNtargetAttr:
- krbCanonicalName
- add ipaModRDNsuffix:
- @RDLG.NET
- add ipaModRDNfilter:
- (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
- add ipaModRDNscope:
- dc=rdlg,dc=net
- adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [14/47]: configuring DNS plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpgHSP8_
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
- top
- nsslapdPlugin
- extensibleObject
- add cn:
- IPA DNS
- add nsslapd-plugindescription:
- IPA DNS support plugin
- add nsslapd-pluginenabled:
- on
- add nsslapd-pluginid:
- ipa_dns
- add nsslapd-plugininitfunc:
- ipadns_init
- add nsslapd-pluginpath:
- libipa_dns.so
- add nsslapd-plugintype:
- preoperation
- add nsslapd-pluginvendor:
- Red Hat, Inc.
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-plugin-depends-on-type:
- database
- adding new entry "cn=IPA DNS,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [15/47]: enabling entryUSN plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp7MjKP0
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-entryusn-global:
- on
- modifying entry "cn=config"
- modify complete
- replace nsslapd-entryusn-import-initval:
- next
- modifying entry "cn=config"
- modify complete
- replace nsslapd-pluginenabled:
- on
- modifying entry "cn=USN,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [16/47]: configuring lockout plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmptvr5Cq
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- IPA Lockout
- add nsslapd-pluginpath:
- libipa_lockout
- add nsslapd-plugininitfunc:
- ipalockout_init
- add nsslapd-plugintype:
- object
- add nsslapd-pluginenabled:
- on
- add nsslapd-pluginid:
- ipalockout_version
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- Red Hat, Inc.
- add nsslapd-plugindescription:
- IPA Lockout plugin
- add nsslapd-plugin-depends-on-type:
- database
- adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [17/47]: configuring topology plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpy6J5zd -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmphMR5dA
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- IPA Topology Configuration
- add nsslapd-pluginPath:
- libtopology
- add nsslapd-pluginInitfunc:
- ipa_topo_init
- add nsslapd-pluginType:
- object
- add nsslapd-pluginEnabled:
- on
- add nsslapd-topo-plugin-shared-config-base:
- cn=ipa,cn=etc,dc=rdlg,dc=net
- add nsslapd-topo-plugin-shared-replica-root:
- dc=rdlg,dc=net
- o=ipaca
- add nsslapd-topo-plugin-shared-binddngroup:
- cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net
- add nsslapd-topo-plugin-startup-delay:
- 20
- add nsslapd-pluginId:
- none
- add nsslapd-plugin-depends-on-named:
- ldbm database
- Multimaster Replication Plugin
- add nsslapd-pluginVersion:
- 1.0
- add nsslapd-pluginVendor:
- none
- add nsslapd-pluginDescription:
- none
- adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [18/47]: creating indices
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmplvya6u
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
- top
- nsIndex
- add cn:
- krbPrincipalName
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- sub
- add nsMatchingRule:
- caseIgnoreIA5Match
- caseExactIA5Match
- adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsIndex
- add cn:
- ou
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- sub
- adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsIndex
- add cn:
- carLicense
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- sub
- adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsIndex
- add cn:
- title
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- sub
- adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsIndex
- add cn:
- manager
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsIndex
- add cn:
- secretary
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsIndex
- add cn:
- displayname
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- sub
- adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add nsIndexType:
- sub
- modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsIndex
- add cn:
- uidnumber
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- add nsMatchingRule:
- integerOrderingMatch
- adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsIndex
- add cn:
- gidnumber
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- add nsMatchingRule:
- integerOrderingMatch
- adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- replace nsIndexType:
- eq
- pres
- modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- replace nsIndexType:
- eq
- pres
- modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add ObjectClass:
- top
- nsIndex
- add cn:
- fqdn
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add ObjectClass:
- top
- nsIndex
- add cn:
- macAddress
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- memberHost
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- memberUser
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- sourcehost
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- memberservice
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- managedby
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- memberallowcmd
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- memberdenycmd
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- ipasudorunas
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- ipasudorunasgroup
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- automountkey
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- ipakrbprincipalalias
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- ipauniqueid
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- ipaMemberCa
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- ipaMemberCertProfile
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- sub
- adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- userCertificate
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- ipalocation
- add ObjectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- pres
- adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add cn:
- krbCanonicalName
- add objectClass:
- top
- nsIndex
- add nsSystemIndex:
- false
- add nsIndexType:
- eq
- sub
- adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [19/47]: enabling referential integrity plugin
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpsyAn3i
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-pluginenabled:
- on
- modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [20/47]: configuring certmap.conf
- 2017-05-11T02:28:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:28:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:28:57Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [21/47]: configure autobind for root
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpevzBjs
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
- extensibleObject
- top
- add cn:
- root-autobind
- add uidNumber:
- 0
- add gidNumber:
- 0
- adding new entry "cn=root-autobind,cn=config"
- modify complete
- replace nsslapd-ldapiautobind:
- on
- modifying entry "cn=config"
- modify complete
- replace nsslapd-ldapimaptoentries:
- on
- modifying entry "cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [22/47]: configure new location for managed entries
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpTpoIdR -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpQxJNCc
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=add nsslapd-pluginConfigArea:
- cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net
- modifying entry "cn=Managed Entries,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [23/47]: configure dirsrv ccache
- 2017-05-11T02:28:57Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
- 2017-05-11T02:28:57Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/sbin/selinuxenabled
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=
- 2017-05-11T02:28:57Z DEBUG stderr=
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=
- 2017-05-11T02:28:57Z DEBUG stderr=
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [24/47]: enabling SASL mapping fallback
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpJa50kq -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp2pg802
- 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
- on
- modifying entry "cn=config"
- modify complete
- 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:57Z DEBUG [25/47]: restarting directory server
- 2017-05-11T02:28:57Z DEBUG Starting external process
- 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl --system daemon-reload
- 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:58Z DEBUG stdout=
- 2017-05-11T02:28:58Z DEBUG stderr=
- 2017-05-11T02:28:58Z DEBUG Starting external process
- 2017-05-11T02:28:58Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
- 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:58Z DEBUG stdout=
- 2017-05-11T02:28:58Z DEBUG stderr=
- 2017-05-11T02:28:58Z DEBUG Starting external process
- 2017-05-11T02:28:58Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
- 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:58Z DEBUG stdout=active
- 2017-05-11T02:28:58Z DEBUG stderr=
- 2017-05-11T02:28:58Z DEBUG wait_for_open_ports: localhost [389] timeout 300
- 2017-05-11T02:28:58Z DEBUG Starting external process
- 2017-05-11T02:28:58Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
- 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:58Z DEBUG stdout=active
- 2017-05-11T02:28:58Z DEBUG stderr=
- 2017-05-11T02:28:58Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:58Z DEBUG [26/47]: adding sasl mappings to the directory
- 2017-05-11T02:28:58Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
- 2017-05-11T02:28:58Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4d16ea8>
- 2017-05-11T02:28:59Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:59Z DEBUG [27/47]: adding default layout
- 2017-05-11T02:28:59Z DEBUG Starting external process
- 2017-05-11T02:28:59Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpBcGnPg -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpGryqyO
- 2017-05-11T02:28:59Z DEBUG Process finished, return code=0
- 2017-05-11T02:28:59Z DEBUG stdout=add objectClass:
- top
- nsContainer
- add cn:
- accounts
- adding new entry "cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- users
- adding new entry "cn=users,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- groups
- adding new entry "cn=groups,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- services
- adding new entry "cn=services,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- computers
- adding new entry "cn=computers,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- hostgroups
- adding new entry "cn=hostgroups,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- add cn:
- alt
- adding new entry "cn=alt,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- add cn:
- ng
- adding new entry "cn=ng,cn=alt,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- add cn:
- automount
- adding new entry "cn=automount,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- add cn:
- default
- adding new entry "cn=default,cn=automount,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- automountMap
- add automountMapName:
- auto.master
- adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- automountMap
- add automountMapName:
- auto.direct
- adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- automount
- add automountKey:
- /-
- add automountInformation:
- auto.direct
- add description:
- /- auto.direct
- adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- hbac
- adding new entry "cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- hbacservices
- adding new entry "cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- hbacservicegroups
- adding new entry "cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- sudo
- adding new entry "cn=sudo,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- sudocmds
- adding new entry "cn=sudocmds,cn=sudo,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- sudocmdgroups
- adding new entry "cn=sudocmdgroups,cn=sudo,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- sudorules
- adding new entry "cn=sudorules,cn=sudo,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- etc
- adding new entry "cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- locations
- adding new entry "cn=locations,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- sysaccounts
- adding new entry "cn=sysaccounts,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- ipa
- adding new entry "cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- masters
- adding new entry "cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- replicas
- adding new entry "cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- dna
- adding new entry "cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- posix-ids
- adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- ca_renewal
- adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- certificates
- adding new entry "cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- custodia
- adding new entry "cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- dogtag
- adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- s4u2proxy
- adding new entry "cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- ipaKrb5DelegationACL
- groupOfPrincipals
- top
- add cn:
- ipa-http-delegation
- add memberPrincipal:
- HTTP/ipa.rdlg.net@RDLG.NET
- add ipaAllowedTarget:
- cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net
- cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net
- adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- groupOfPrincipals
- top
- add cn:
- ipa-ldap-delegation-targets
- add memberPrincipal:
- ldap/ipa.rdlg.net@RDLG.NET
- adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- groupOfPrincipals
- top
- add cn:
- ipa-cifs-delegation-targets
- adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- person
- posixaccount
- krbprincipalaux
- krbticketpolicyaux
- inetuser
- ipaobject
- ipasshuser
- add uid:
- admin
- add krbPrincipalName:
- admin@RDLG.NET
- add cn:
- Administrator
- add sn:
- Administrator
- add uidNumber:
- 1085800000
- add gidNumber:
- 1085800000
- add homeDirectory:
- /home/admin
- add loginShell:
- /bin/bash
- add gecos:
- Administrator
- add nsAccountLock:
- FALSE
- add ipaUniqueID:
- autogenerate
- adding new entry "uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- posixgroup
- ipausergroup
- ipaobject
- add cn:
- admins
- add description:
- Account administrators group
- add gidNumber:
- 1085800000
- add member:
- uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net
- add nsAccountLock:
- FALSE
- add ipaUniqueID:
- autogenerate
- adding new entry "cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- ipausergroup
- ipaobject
- add description:
- Default group for all users
- add cn:
- ipausers
- add ipaUniqueID:
- autogenerate
- adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- posixgroup
- ipausergroup
- ipaobject
- add gidNumber:
- 1085800002
- add description:
- Limited admins who can edit other users
- add cn:
- editors
- add ipaUniqueID:
- autogenerate
- adding new entry "cn=editors,cn=groups,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupOfNames
- nestedGroup
- ipaobject
- ipahostgroup
- add description:
- IPA server hosts
- add cn:
- ipaservers
- add ipaUniqueID:
- autogenerate
- adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- sshd
- add description:
- sshd
- add ipauniqueid:
- autogenerate
- adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- ftp
- add description:
- ftp
- add ipauniqueid:
- autogenerate
- adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- su
- add description:
- su
- add ipauniqueid:
- autogenerate
- adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- login
- add description:
- login
- add ipauniqueid:
- autogenerate
- adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- su-l
- add description:
- su with login shell
- add ipauniqueid:
- autogenerate
- adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- sudo
- add description:
- sudo
- add ipauniqueid:
- autogenerate
- adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- sudo-i
- add description:
- sudo-i
- add ipauniqueid:
- autogenerate
- adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- gdm
- add description:
- gdm
- add ipauniqueid:
- autogenerate
- adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- gdm-password
- add description:
- gdm-password
- add ipauniqueid:
- autogenerate
- adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- ipahbacservice
- ipaobject
- add cn:
- kdm
- add description:
- kdm
- add ipauniqueid:
- autogenerate
- adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- ipaobject
- ipahbacservicegroup
- nestedGroup
- groupOfNames
- top
- add cn:
- Sudo
- add ipauniqueid:
- autogenerate
- add description:
- Default group of Sudo related services
- add member:
- cn=sudo,cn=hbacservices,cn=hbac,dc=rdlg,dc=net
- cn=sudo-i,cn=hbacservices,cn=hbac,dc=rdlg,dc=net
- adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- ipaGuiConfig
- ipaConfigObject
- add ipaUserSearchFields:
- uid,givenname,sn,telephonenumber,ou,title
- add ipaGroupSearchFields:
- cn,description
- add ipaSearchTimeLimit:
- 2
- add ipaSearchRecordsLimit:
- 100
- add ipaHomesRootDir:
- /home
- add ipaDefaultLoginShell:
- /bin/sh
- add ipaDefaultPrimaryGroup:
- ipausers
- add ipaMaxUsernameLength:
- 32
- add ipaPwdExpAdvNotify:
- 4
- add ipaGroupObjectClasses:
- top
- groupofnames
- nestedgroup
- ipausergroup
- ipaobject
- add ipaUserObjectClasses:
- top
- person
- organizationalperson
- inetorgperson
- inetuser
- posixaccount
- krbprincipalaux
- krbticketpolicyaux
- ipaobject
- ipasshuser
- add ipaDefaultEmailDomain:
- rdlg.net
- add ipaMigrationEnabled:
- FALSE
- add ipaConfigString:
- AllowNThash
- add ipaSELinuxUserMapOrder:
- guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
- add ipaSELinuxUserMapDefault:
- unconfined_u:s0-s0:c0.c1023
- adding new entry "cn=ipaConfig,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- top
- nsContainer
- add cn:
- cosTemplates
- adding new entry "cn=cosTemplates,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add description:
- Password Policy based on group membership
- add objectClass:
- top
- ldapsubentry
- cosSuperDefinition
- cosClassicDefinition
- add cosTemplateDn:
- cn=cosTemplates,cn=accounts,dc=rdlg,dc=net
- add cosAttribute:
- krbPwdPolicyReference override
- add cosSpecifier:
- memberOf
- adding new entry "cn=Password Policy,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- selinux
- adding new entry "cn=selinux,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- usermap
- adding new entry "cn=usermap,cn=selinux,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- ranges
- adding new entry "cn=ranges,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- ipaIDrange
- ipaDomainIDRange
- add cn:
- RDLG.NET_id_range
- add ipaBaseID:
- 1085800000
- add ipaIDRangeSize:
- 200000
- add ipaRangeType:
- ipa-local
- adding new entry "cn=RDLG.NET_id_range,cn=ranges,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- ca
- adding new entry "cn=ca,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- certprofiles
- adding new entry "cn=certprofiles,cn=ca,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- caacls
- adding new entry "cn=caacls,cn=ca,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- cas
- adding new entry "cn=cas,cn=ca,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:28:59Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:28:59Z DEBUG duration: 0 seconds
- 2017-05-11T02:28:59Z DEBUG [28/47]: adding delegation layout
- 2017-05-11T02:28:59Z DEBUG Starting external process
- 2017-05-11T02:28:59Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcwd9Yk -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp4mvX3j
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add objectClass:
- top
- nsContainer
- add cn:
- roles
- adding new entry "cn=roles,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- pbac
- adding new entry "cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- privileges
- adding new entry "cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- permissions
- adding new entry "cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- helpdesk
- add description:
- Helpdesk
- adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- User Administrators
- add description:
- User Administrators
- adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Group Administrators
- add description:
- Group Administrators
- adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Host Administrators
- add description:
- Host Administrators
- adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Host Group Administrators
- add description:
- Host Group Administrators
- adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Delegation Administrator
- add description:
- Role administration
- adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- DNS Administrators
- add description:
- DNS Administrators
- adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- DNS Servers
- add description:
- DNS Servers
- adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Service Administrators
- add description:
- Service Administrators
- adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Automount Administrators
- add description:
- Automount Administrators
- adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Netgroups Administrators
- add description:
- Netgroups Administrators
- adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Certificate Administrators
- add description:
- Certificate Administrators
- adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Replication Administrators
- add description:
- Replication Administrators
- add member:
- cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net
- adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Host Enrollment
- add description:
- Host Enrollment
- adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Stage User Administrators
- add description:
- Stage User Administrators
- adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- nestedgroup
- add cn:
- Stage User Provisioning
- add description:
- Stage User Provisioning
- adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Add Replication Agreements
- add ipapermissiontype:
- SYSTEM
- add member:
- cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Modify Replication Agreements
- add ipapermissiontype:
- SYSTEM
- add member:
- cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Read Replication Agreements
- add ipapermissiontype:
- SYSTEM
- add member:
- cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Remove Replication Agreements
- add ipapermissiontype:
- SYSTEM
- add member:
- cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Modify DNA Range
- add ipapermissiontype:
- SYSTEM
- add member:
- cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- virtual operations
- adding new entry "cn=virtual operations,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Retrieve Certificates from the CA
- add member:
- cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Request Certificate
- add member:
- cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Request Certificates from a different host
- add member:
- cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Get Certificates status from the CA
- add member:
- cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Revoke Certificate
- add member:
- cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- groupofnames
- ipapermission
- add cn:
- Certificate Remove Hold
- add member:
- cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
- adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [29/47]: creating container for managed entries
- 2017-05-11T02:29:00Z DEBUG Starting external process
- 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpRPkTox -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp9026yu
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add objectClass:
- nsContainer
- top
- add cn:
- Managed Entries
- adding new entry "cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- Templates
- adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- nsContainer
- top
- add cn:
- Definitions
- adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [30/47]: configuring user private groups
- 2017-05-11T02:29:00Z DEBUG Starting external process
- 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmprRUrdz -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpHiFznN
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
- mepTemplateEntry
- add cn:
- UPG Template
- add mepRDNAttr:
- cn
- add mepStaticAttr:
- objectclass: posixgroup
- objectclass: ipaobject
- ipaUniqueId: autogenerate
- add mepMappedAttr:
- cn: $uid
- gidNumber: $uidNumber
- description: User private group for $uid
- adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- extensibleObject
- add cn:
- UPG Definition
- add originScope:
- cn=users,cn=accounts,dc=rdlg,dc=net
- add originFilter:
- (&(objectclass=posixAccount)(!(description=__no_upg__)))
- add managedBase:
- cn=groups,cn=accounts,dc=rdlg,dc=net
- add managedTemplate:
- cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net
- adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [31/47]: configuring netgroups from hostgroups
- 2017-05-11T02:29:00Z DEBUG Starting external process
- 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpM1KV9g -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpNcDh6U
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
- mepTemplateEntry
- add cn:
- NGP HGP Template
- add mepRDNAttr:
- cn
- add mepStaticAttr:
- ipaUniqueId: autogenerate
- objectclass: ipanisnetgroup
- objectclass: ipaobject
- nisDomainName: rdlg.net
- add mepMappedAttr:
- cn: $cn
- memberHost: $dn
- description: ipaNetgroup $cn
- adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- extensibleObject
- add cn:
- NGP Definition
- add originScope:
- cn=hostgroups,cn=accounts,dc=rdlg,dc=net
- add originFilter:
- objectclass=ipahostgroup
- add managedBase:
- cn=ng,cn=alt,dc=rdlg,dc=net
- add managedTemplate:
- cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net
- adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [32/47]: creating default Sudo bind user
- 2017-05-11T02:29:00Z DEBUG Starting external process
- 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpr1dlvx -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpmNC9FF
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
- account
- simplesecurityobject
- add uid:
- sudo
- add userPassword:
- XXXXXXXX
- add passwordExpirationTime:
- 20380119031407Z
- add nsIdleTimeout:
- 0
- adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [33/47]: creating default Auto Member layout
- 2017-05-11T02:29:00Z DEBUG Starting external process
- 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpGFzo_h -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmplPB7jz
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add nsslapd-pluginConfigArea:
- cn=automember,cn=etc,dc=rdlg,dc=net
- modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"
- modify complete
- add objectClass:
- top
- nsContainer
- add cn:
- automember
- adding new entry "cn=automember,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- autoMemberDefinition
- add cn:
- Hostgroup
- add autoMemberScope:
- cn=computers,cn=accounts,dc=rdlg,dc=net
- add autoMemberFilter:
- objectclass=ipaHost
- add autoMemberGroupingAttr:
- member:dn
- adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- autoMemberDefinition
- add cn:
- Group
- add autoMemberScope:
- cn=users,cn=accounts,dc=rdlg,dc=net
- add autoMemberFilter:
- objectclass=posixAccount
- add autoMemberGroupingAttr:
- member:dn
- adding new entry "cn=Group,cn=automember,cn=etc,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [34/47]: adding range check plugin
- 2017-05-11T02:29:00Z DEBUG Starting external process
- 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp2BYVEM -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpsawBXG
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- IPA Range-Check
- add nsslapd-pluginpath:
- libipa_range_check
- add nsslapd-plugininitfunc:
- ipa_range_check_init
- add nsslapd-plugintype:
- preoperation
- add nsslapd-pluginenabled:
- on
- add nsslapd-pluginid:
- ipa_range_check_version
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- Red Hat, Inc.
- add nsslapd-plugindescription:
- IPA Range-Check plugin
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-basedn:
- dc=rdlg,dc=net
- adding new entry "cn=IPA Range-Check,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [35/47]: creating default HBAC rule allow_all
- 2017-05-11T02:29:00Z DEBUG Starting external process
- 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpEN3WMi -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp41X3u2
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
- ipaassociation
- ipahbacrule
- add cn:
- allow_all
- add accessruletype:
- allow
- add usercategory:
- all
- add hostcategory:
- all
- add servicecategory:
- all
- add ipaenabledflag:
- TRUE
- add description:
- Allow all users to access any host from any host
- add ipauniqueid:
- autogenerate
- adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [36/47]: adding sasl mappings to the directory
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [37/47]: adding entries for topology management
- 2017-05-11T02:29:00Z DEBUG Starting external process
- 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpKv6j0X -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmptjsce1
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
- top
- nsContainer
- add cn:
- topology
- adding new entry "cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add objectclass:
- top
- iparepltopoconf
- add ipaReplTopoConfRoot:
- dc=rdlg,dc=net
- add nsDS5ReplicatedAttributeList:
- (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
- add nsDS5ReplicatedAttributeListTotal:
- (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
- add nsds5ReplicaStripAttrs:
- modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp
- add cn:
- domain
- adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:00Z DEBUG [38/47]: initializing group membership
- 2017-05-11T02:29:00Z DEBUG Starting external process
- 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpYkSjyh -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpvOr2_r
- 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:00Z DEBUG stdout=add objectClass:
- top
- extensibleObject
- add cn:
- IPA install
- add basedn:
- dc=rdlg,dc=net
- add filter:
- (objectclass=*)
- add ttl:
- 10
- adding new entry "cn=IPA install 1494469733, cn=memberof task, cn=tasks, cn=config"
- modify complete
- 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:00Z DEBUG Waiting for memberof task to complete.
- 2017-05-11T02:29:01Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
- 2017-05-11T02:29:01Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f6d950>
- 2017-05-11T02:29:01Z DEBUG duration: 1 seconds
- 2017-05-11T02:29:01Z DEBUG [39/47]: adding master entry
- 2017-05-11T02:29:01Z DEBUG Starting external process
- 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpi89o8U -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmps96QVi
- 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:01Z DEBUG stdout=add objectclass:
- top
- nsContainer
- ipaReplTopoManagedServer
- ipaConfigObject
- ipaSupportedDomainLevelConfig
- add cn:
- ipa.rdlg.net
- add ipaReplTopoManagedSuffix:
- dc=rdlg,dc=net
- add ipaMinDomainLevel:
- 0
- add ipaMaxDomainLevel:
- 1
- adding new entry "cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:01Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:01Z DEBUG [40/47]: initializing domain level
- 2017-05-11T02:29:01Z DEBUG Starting external process
- 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpCg4qWX -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpTT6Qep
- 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:01Z DEBUG stdout=add objectClass:
- top
- nsContainer
- ipaDomainLevelConfig
- add ipaDomainLevel:
- 1
- adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:01Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:01Z DEBUG [41/47]: configuring Posix uid/gid generation
- 2017-05-11T02:29:01Z DEBUG Starting external process
- 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpehxGyr -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp_YSRW_
- 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:01Z DEBUG stdout=add objectclass:
- top
- extensibleObject
- add cn:
- Posix IDs
- add dnaType:
- uidNumber
- gidNumber
- add dnaNextValue:
- 1085800000
- add dnaMaxValue:
- 1085999999
- add dnaMagicRegen:
- -1
- add dnaFilter:
- (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject))
- add dnaScope:
- dc=rdlg,dc=net
- add dnaThreshold:
- 500
- add dnaSharedCfgDN:
- cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net
- adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:01Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:01Z DEBUG [42/47]: adding replication acis
- 2017-05-11T02:29:01Z DEBUG Starting external process
- 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpLa4Yeh -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpw3a1qa
- 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:01Z DEBUG stdout=add aci:
- (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "cn=mapping tree,cn=config"
- modify complete
- add aci:
- (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "cn=mapping tree,cn=config"
- modify complete
- add aci:
- (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "cn=mapping tree,cn=config"
- modify complete
- add aci:
- (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "cn=mapping tree,cn=config"
- modify complete
- add aci:
- (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
- modify complete
- add aci:
- (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
- modify complete
- add aci:
- (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
- modifying entry "cn=tasks,cn=config"
- modify complete
- 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:01Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:01Z DEBUG [43/47]: enabling compatibility plugin
- 2017-05-11T02:29:01Z DEBUG importing all plugin modules in ipaserver.plugins...
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.aci
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.automember
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.automount
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.baseldap
- 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.baseuser
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.batch
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.ca
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.caacl
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.cert
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.certprofile
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.config
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.delegation
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.dns
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.dnsserver
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.dogtag
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.domainlevel
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.group
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbac
- 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbacrule
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbactest
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.host
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hostgroup
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.idrange
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.idviews
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.internal
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.join
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.ldap2
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.location
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.migration
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.misc
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.netgroup
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.otp
- 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.otp is not a valid plugin module
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.otpconfig
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.otptoken
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.passwd
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.permission
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.ping
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.pkinit
- 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.privilege
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.rabase
- 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.realmdomains
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.role
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.schema
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.selfservice
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.server
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.serverrole
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.serverroles
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.service
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.session
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.stageuser
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudo
- 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudocmd
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudorule
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.topology
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.trust
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.user
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.vault
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.virtual
- 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.xmlserver
- 2017-05-11T02:29:01Z DEBUG importing all plugin modules in ipaserver.install.plugins...
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.dns
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_services
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
- 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
- 2017-05-11T02:29:02Z DEBUG Created connection context.ldap2_89920016
- 2017-05-11T02:29:02Z DEBUG Destroyed connection context.ldap2_89920016
- 2017-05-11T02:29:02Z DEBUG Created connection context.ldap2_89920016
- 2017-05-11T02:29:02Z DEBUG Parsing update file '/usr/share/ipa/schema_compat.uldif'
- 2017-05-11T02:29:02Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:29:02Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x716bcf8>
- 2017-05-11T02:29:02Z DEBUG New entry: cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Initial value
- 2017-05-11T02:29:02Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginid:
- 2017-05-11T02:29:02Z DEBUG schema-compat-plugin
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG Schema Compatibility
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginbetxn:
- 2017-05-11T02:29:02Z DEBUG on
- 2017-05-11T02:29:02Z DEBUG objectclass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG nsSlapdPlugin
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG nsslapd-plugindescription:
- 2017-05-11T02:29:02Z DEBUG Schema Compatibility Plugin
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginenabled:
- 2017-05-11T02:29:02Z DEBUG on
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginpath:
- 2017-05-11T02:29:02Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginversion:
- 2017-05-11T02:29:02Z DEBUG 0.8
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginvendor:
- 2017-05-11T02:29:02Z DEBUG redhat.com
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginprecedence:
- 2017-05-11T02:29:02Z DEBUG 40
- 2017-05-11T02:29:02Z DEBUG nsslapd-plugintype:
- 2017-05-11T02:29:02Z DEBUG object
- 2017-05-11T02:29:02Z DEBUG nsslapd-plugininitfunc:
- 2017-05-11T02:29:02Z DEBUG schema_compat_plugin_init
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Final value after applying updates
- 2017-05-11T02:29:02Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginid:
- 2017-05-11T02:29:02Z DEBUG schema-compat-plugin
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG Schema Compatibility
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginbetxn:
- 2017-05-11T02:29:02Z DEBUG on
- 2017-05-11T02:29:02Z DEBUG objectclass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG nsSlapdPlugin
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG nsslapd-plugindescription:
- 2017-05-11T02:29:02Z DEBUG Schema Compatibility Plugin
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginenabled:
- 2017-05-11T02:29:02Z DEBUG on
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginpath:
- 2017-05-11T02:29:02Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginversion:
- 2017-05-11T02:29:02Z DEBUG 0.8
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginvendor:
- 2017-05-11T02:29:02Z DEBUG redhat.com
- 2017-05-11T02:29:02Z DEBUG nsslapd-pluginprecedence:
- 2017-05-11T02:29:02Z DEBUG 40
- 2017-05-11T02:29:02Z DEBUG nsslapd-plugintype:
- 2017-05-11T02:29:02Z DEBUG object
- 2017-05-11T02:29:02Z DEBUG nsslapd-plugininitfunc:
- 2017-05-11T02:29:02Z DEBUG schema_compat_plugin_init
- 2017-05-11T02:29:02Z DEBUG New entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Initial value
- 2017-05-11T02:29:02Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
- 2017-05-11T02:29:02Z DEBUG cn=%{cn}
- 2017-05-11T02:29:02Z DEBUG objectclass=posixAccount
- 2017-05-11T02:29:02Z DEBUG gidNumber=%{gidNumber}
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
- 2017-05-11T02:29:02Z DEBUG gecos=%{cn}
- 2017-05-11T02:29:02Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
- 2017-05-11T02:29:02Z DEBUG uidNumber=%{uidNumber}
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
- 2017-05-11T02:29:02Z DEBUG loginShell=%{loginShell}
- 2017-05-11T02:29:02Z DEBUG homeDirectory=%{homeDirectory}
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG users
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
- 2017-05-11T02:29:02Z DEBUG objectclass=posixAccount
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=users
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
- 2017-05-11T02:29:02Z DEBUG uid=%{uid}
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
- 2017-05-11T02:29:02Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
- 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Final value after applying updates
- 2017-05-11T02:29:02Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
- 2017-05-11T02:29:02Z DEBUG cn=%{cn}
- 2017-05-11T02:29:02Z DEBUG objectclass=posixAccount
- 2017-05-11T02:29:02Z DEBUG gidNumber=%{gidNumber}
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
- 2017-05-11T02:29:02Z DEBUG gecos=%{cn}
- 2017-05-11T02:29:02Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
- 2017-05-11T02:29:02Z DEBUG uidNumber=%{uidNumber}
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
- 2017-05-11T02:29:02Z DEBUG loginShell=%{loginShell}
- 2017-05-11T02:29:02Z DEBUG homeDirectory=%{homeDirectory}
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG users
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
- 2017-05-11T02:29:02Z DEBUG objectclass=posixAccount
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=users
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
- 2017-05-11T02:29:02Z DEBUG uid=%{uid}
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
- 2017-05-11T02:29:02Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
- 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG New entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Initial value
- 2017-05-11T02:29:02Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
- 2017-05-11T02:29:02Z DEBUG gidNumber=%{gidNumber}
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
- 2017-05-11T02:29:02Z DEBUG memberUid=%deref_r("member","uid")
- 2017-05-11T02:29:02Z DEBUG objectclass=posixGroup
- 2017-05-11T02:29:02Z DEBUG memberUid=%{memberUid}
- 2017-05-11T02:29:02Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG groups
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
- 2017-05-11T02:29:02Z DEBUG objectclass=posixGroup
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=groups
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=%{cn}
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
- 2017-05-11T02:29:02Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
- 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Final value after applying updates
- 2017-05-11T02:29:02Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
- 2017-05-11T02:29:02Z DEBUG gidNumber=%{gidNumber}
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
- 2017-05-11T02:29:02Z DEBUG memberUid=%deref_r("member","uid")
- 2017-05-11T02:29:02Z DEBUG objectclass=posixGroup
- 2017-05-11T02:29:02Z DEBUG memberUid=%{memberUid}
- 2017-05-11T02:29:02Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG groups
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
- 2017-05-11T02:29:02Z DEBUG objectclass=posixGroup
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=groups
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=%{cn}
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
- 2017-05-11T02:29:02Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
- 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Initial value
- 2017-05-11T02:29:02Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG add: 'top' to objectClass, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['top']
- 2017-05-11T02:29:02Z DEBUG add: 'extensibleObject' to objectClass, current value ['top']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['top', 'extensibleObject']
- 2017-05-11T02:29:02Z DEBUG add: 'ng' to cn, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['ng']
- 2017-05-11T02:29:02Z DEBUG add: 'cn=compat, dc=rdlg,dc=net' to schema-compat-container-group, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=compat, dc=rdlg,dc=net']
- 2017-05-11T02:29:02Z DEBUG add: 'cn=ng' to schema-compat-container-rdn, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=ng']
- 2017-05-11T02:29:02Z DEBUG add: 'yes' to schema-compat-check-access, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['yes']
- 2017-05-11T02:29:02Z DEBUG add: 'cn=ng, cn=alt, dc=rdlg,dc=net' to schema-compat-search-base, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=ng, cn=alt, dc=rdlg,dc=net']
- 2017-05-11T02:29:02Z DEBUG add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['(objectclass=ipaNisNetgroup)']
- 2017-05-11T02:29:02Z DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=%{cn}']
- 2017-05-11T02:29:02Z DEBUG add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=nisNetgroup']
- 2017-05-11T02:29:02Z DEBUG add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")']
- 2017-05-11T02:29:02Z DEBUG add: 'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})']
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Final value after applying updates
- 2017-05-11T02:29:02Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
- 2017-05-11T02:29:02Z DEBUG memberNisNetgroup=%deref_r("member","cn")
- 2017-05-11T02:29:02Z DEBUG objectclass=nisNetgroup
- 2017-05-11T02:29:02Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})
- 2017-05-11T02:29:02Z DEBUG schema-compat-check-access:
- 2017-05-11T02:29:02Z DEBUG yes
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG ng
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
- 2017-05-11T02:29:02Z DEBUG (objectclass=ipaNisNetgroup)
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=ng
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=%{cn}
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
- 2017-05-11T02:29:02Z DEBUG cn=ng, cn=alt, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
- 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Initial value
- 2017-05-11T02:29:02Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG add: 'top' to objectClass, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['top']
- 2017-05-11T02:29:02Z DEBUG add: 'extensibleObject' to objectClass, current value ['top']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['top', 'extensibleObject']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoers' to cn, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoers']
- 2017-05-11T02:29:02Z DEBUG add: 'ou=SUDOers, dc=rdlg,dc=net' to schema-compat-container-group, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['ou=SUDOers, dc=rdlg,dc=net']
- 2017-05-11T02:29:02Z DEBUG add: 'cn=sudorules, cn=sudo, dc=rdlg,dc=net' to schema-compat-search-base, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=sudorules, cn=sudo, dc=rdlg,dc=net']
- 2017-05-11T02:29:02Z DEBUG add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))']
- 2017-05-11T02:29:02Z DEBUG add: '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' to schema-compat-entry-rdn, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")']
- 2017-05-11T02:29:02Z DEBUG add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value []
- 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
- 2017-05-11T02:29:02Z DEBUG add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
- 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}']
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Final value after applying updates
- 2017-05-11T02:29:02Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
- 2017-05-11T02:29:02Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
- 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")
- 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")
- 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")
- 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")
- 2017-05-11T02:29:02Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
- 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")
- 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
- 2017-05-11T02:29:02Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
- 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")
- 2017-05-11T02:29:02Z DEBUG objectclass=sudoRole
- 2017-05-11T02:29:02Z DEBUG sudoOption=%{ipaSudoOpt}
- 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")
- 2017-05-11T02:29:02Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")
- 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
- 2017-05-11T02:29:02Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
- 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
- 2017-05-11T02:29:02Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")
- 2017-05-11T02:29:02Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
- 2017-05-11T02:29:02Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd")
- 2017-05-11T02:29:02Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")
- 2017-05-11T02:29:02Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")
- 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG sudoers
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
- 2017-05-11T02:29:02Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
- 2017-05-11T02:29:02Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
- 2017-05-11T02:29:02Z DEBUG cn=sudorules, cn=sudo, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
- 2017-05-11T02:29:02Z DEBUG ou=SUDOers, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG New entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Initial value
- 2017-05-11T02:29:02Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
- 2017-05-11T02:29:02Z DEBUG objectclass=device
- 2017-05-11T02:29:02Z DEBUG cn=%{fqdn}
- 2017-05-11T02:29:02Z DEBUG macAddress=%{macAddress}
- 2017-05-11T02:29:02Z DEBUG objectclass=ieee802Device
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG computers
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
- 2017-05-11T02:29:02Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=computers
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=%first("%{fqdn}")
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
- 2017-05-11T02:29:02Z DEBUG cn=computers, cn=accounts, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
- 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Final value after applying updates
- 2017-05-11T02:29:02Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
- 2017-05-11T02:29:02Z DEBUG objectclass=device
- 2017-05-11T02:29:02Z DEBUG cn=%{fqdn}
- 2017-05-11T02:29:02Z DEBUG macAddress=%{macAddress}
- 2017-05-11T02:29:02Z DEBUG objectclass=ieee802Device
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG computers
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG extensibleObject
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
- 2017-05-11T02:29:02Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=computers
- 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
- 2017-05-11T02:29:02Z DEBUG cn=%first("%{fqdn}")
- 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
- 2017-05-11T02:29:02Z DEBUG cn=computers, cn=accounts, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
- 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
- 2017-05-11T02:29:02Z DEBUG Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Initial value
- 2017-05-11T02:29:02Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG directoryServerFeature
- 2017-05-11T02:29:02Z DEBUG aci:
- 2017-05-11T02:29:02Z DEBUG (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)
- 2017-05-11T02:29:02Z DEBUG oid:
- 2017-05-11T02:29:02Z DEBUG 2.16.840.1.113730.3.4.9
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG VLV Request Control
- 2017-05-11T02:29:02Z DEBUG only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)']
- 2017-05-11T02:29:02Z DEBUG only: updated value ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']
- 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
- 2017-05-11T02:29:02Z DEBUG Final value after applying updates
- 2017-05-11T02:29:02Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
- 2017-05-11T02:29:02Z DEBUG objectClass:
- 2017-05-11T02:29:02Z DEBUG top
- 2017-05-11T02:29:02Z DEBUG directoryServerFeature
- 2017-05-11T02:29:02Z DEBUG aci:
- 2017-05-11T02:29:02Z DEBUG (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )
- 2017-05-11T02:29:02Z DEBUG oid:
- 2017-05-11T02:29:02Z DEBUG 2.16.840.1.113730.3.4.9
- 2017-05-11T02:29:02Z DEBUG cn:
- 2017-05-11T02:29:02Z DEBUG VLV Request Control
- 2017-05-11T02:29:02Z DEBUG [(0, u'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']), (1, u'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'])]
- 2017-05-11T02:29:02Z DEBUG Updated 1
- 2017-05-11T02:29:02Z DEBUG Done
- 2017-05-11T02:29:02Z DEBUG Destroyed connection context.ldap2_89920016
- 2017-05-11T02:29:02Z DEBUG duration: 1 seconds
- 2017-05-11T02:29:02Z DEBUG [44/47]: activating sidgen plugin
- 2017-05-11T02:29:02Z DEBUG Starting external process
- 2017-05-11T02:29:02Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcrxD4O -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpKPxyGP
- 2017-05-11T02:29:02Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:02Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- IPA SIDGEN
- add nsslapd-pluginpath:
- libipa_sidgen
- add nsslapd-plugininitfunc:
- ipa_sidgen_init
- add nsslapd-plugintype:
- postoperation
- add nsslapd-pluginenabled:
- on
- add nsslapd-pluginid:
- ipa_sidgen_postop
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- Red Hat, Inc.
- add nsslapd-plugindescription:
- IPA SIDGEN post operation
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-basedn:
- dc=rdlg,dc=net
- adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:29:02Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:02Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:02Z DEBUG [45/47]: activating extdom plugin
- 2017-05-11T02:29:02Z DEBUG Starting external process
- 2017-05-11T02:29:02Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmprEAnAv -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp2hBUWd
- 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:03Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- ipa_extdom_extop
- add nsslapd-pluginpath:
- libipa_extdom_extop
- add nsslapd-plugininitfunc:
- ipa_extdom_init
- add nsslapd-plugintype:
- extendedop
- add nsslapd-pluginenabled:
- on
- add nsslapd-pluginid:
- ipa_extdom_extop
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- RedHat
- add nsslapd-plugindescription:
- Support resolving IDs in trusted domains to names and back
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-basedn:
- dc=rdlg,dc=net
- adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:29:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:03Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:03Z DEBUG [46/47]: tuning directory server
- 2017-05-11T02:29:03Z DEBUG Starting external process
- 2017-05-11T02:29:03Z DEBUG args=/usr/sbin/selinuxenabled
- 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:03Z DEBUG stdout=
- 2017-05-11T02:29:03Z DEBUG stderr=
- 2017-05-11T02:29:03Z DEBUG Starting external process
- 2017-05-11T02:29:03Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv.systemd
- 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:03Z DEBUG stdout=
- 2017-05-11T02:29:03Z DEBUG stderr=
- 2017-05-11T02:29:03Z DEBUG Starting external process
- 2017-05-11T02:29:03Z DEBUG args=/bin/systemctl --system daemon-reload
- 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:03Z DEBUG stdout=
- 2017-05-11T02:29:03Z DEBUG stderr=
- 2017-05-11T02:29:03Z DEBUG Starting external process
- 2017-05-11T02:29:03Z DEBUG args=/bin/systemctl --system daemon-reload
- 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:03Z DEBUG stdout=
- 2017-05-11T02:29:03Z DEBUG stderr=
- 2017-05-11T02:29:03Z DEBUG Starting external process
- 2017-05-11T02:29:03Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=
- 2017-05-11T02:29:04Z DEBUG stderr=
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=active
- 2017-05-11T02:29:04Z DEBUG stderr=
- 2017-05-11T02:29:04Z DEBUG wait_for_open_ports: localhost [389] timeout 300
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=active
- 2017-05-11T02:29:04Z DEBUG stderr=
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpxGj6jQ -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp43ffA4
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=replace nsslapd-maxdescriptors:
- 8192
- replace nsslapd-reservedescriptors:
- 64
- modifying entry "cn=config"
- modify complete
- 2017-05-11T02:29:04Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
- 2017-05-11T02:29:04Z DEBUG duration: 1 seconds
- 2017-05-11T02:29:04Z DEBUG [47/47]: configuring directory to start on boot
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-enabled dirsrv@RDLG-NET.service
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=enabled
- 2017-05-11T02:29:04Z DEBUG stderr=
- 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:29:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl disable dirsrv@RDLG-NET.service
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=
- 2017-05-11T02:29:04Z DEBUG stderr=Removed symlink /etc/systemd/system/dirsrv.target.wants/dirsrv@RDLG-NET.service.
- 2017-05-11T02:29:04Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:04Z DEBUG Done configuring directory server (dirsrv).
- 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:29:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active ntpd.service
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=active
- 2017-05-11T02:29:04Z DEBUG stderr=
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl disable ntpd.service
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=
- 2017-05-11T02:29:04Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/ntpd.service.
- 2017-05-11T02:29:04Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:29:04Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x34c0ef0>
- 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:29:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl start ntpd.service
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=
- 2017-05-11T02:29:04Z DEBUG stderr=
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active ntpd.service
- 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
- 2017-05-11T02:29:04Z DEBUG stdout=active
- 2017-05-11T02:29:04Z DEBUG stderr=
- 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:29:04Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
- 2017-05-11T02:29:04Z DEBUG [1/31]: creating certificate server user
- 2017-05-11T02:29:04Z DEBUG group pkiuser exists
- 2017-05-11T02:29:04Z DEBUG user pkiuser exists
- 2017-05-11T02:29:04Z DEBUG duration: 0 seconds
- 2017-05-11T02:29:04Z DEBUG [2/31]: configuring certificate server instance
- 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:29:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:29:04Z DEBUG Contents of pkispawn configuration file (/tmp/tmpBfvvBv):
- [CA]
- pki_security_domain_name = IPA
- pki_enable_proxy = True
- pki_restart_configured_instance = False
- pki_backup_keys = True
- pki_backup_password = XXXXXXXX
- pki_profiles_in_ldap = True
- pki_default_ocsp_uri = http://ipa-ca.rdlg.net/ca/ocsp
- pki_client_database_dir = /tmp/tmp-2dhsv2
- pki_client_database_password = XXXXXXXX
- pki_client_database_purge = False
- pki_client_pkcs12_password = XXXXXXXX
- pki_admin_name = admin
- pki_admin_uid = admin
- pki_admin_email = root@localhost
- pki_admin_password = XXXXXXXX
- pki_admin_nickname = ipa-ca-agent
- pki_admin_subject_dn = cn=ipa-ca-agent,O=RDLG.NET
- pki_client_admin_cert_p12 = /root/ca-agent.p12
- pki_ds_ldap_port = 389
- pki_ds_password = XXXXXXXX
- pki_ds_base_dn = o=ipaca
- pki_ds_database = ipaca
- pki_subsystem_subject_dn = cn=CA Subsystem,O=RDLG.NET
- pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=RDLG.NET
- pki_ssl_server_subject_dn = cn=ipa.rdlg.net,O=RDLG.NET
- pki_audit_signing_subject_dn = cn=CA Audit,O=RDLG.NET
- pki_ca_signing_subject_dn = cn=Certificate Authority,O=RDLG.NET
- pki_subsystem_nickname = subsystemCert cert-pki-ca
- pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca
- pki_ssl_server_nickname = Server-Cert cert-pki-ca
- pki_audit_signing_nickname = auditSigningCert cert-pki-ca
- pki_ca_signing_nickname = caSigningCert cert-pki-ca
- pki_ca_signing_key_algorithm = SHA256withRSA
- 2017-05-11T02:29:04Z DEBUG Starting external process
- 2017-05-11T02:29:04Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpBfvvBv
- 2017-05-11T02:30:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:01Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20170510202904.log
- Loading deployment configuration from /tmp/tmpBfvvBv.
- Installing CA into /var/lib/pki/pki-tomcat.
- Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
- ==========================================================================
- INSTALLATION SUMMARY
- ==========================================================================
- Administrator's username: admin
- Administrator's PKCS #12 file:
- /root/ca-agent.p12
- Administrator's certificate nickname:
- ipa-ca-agent
- Administrator's certificate database:
- /tmp/tmp-2dhsv2
- To check the status of the subsystem:
- systemctl status pki-tomcatd@pki-tomcat.service
- To restart the subsystem:
- systemctl restart pki-tomcatd@pki-tomcat.service
- The URL for the subsystem is:
- https://ipa.rdlg.net:8443/ca
- PKI instances will be enabled upon system boot
- ==========================================================================
- 2017-05-11T02:30:01Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
- Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target.
- 2017-05-11T02:30:01Z DEBUG completed creating ca instance
- 2017-05-11T02:30:01Z DEBUG duration: 56 seconds
- 2017-05-11T02:30:01Z DEBUG [3/31]: stopping certificate server instance to update CS.cfg
- 2017-05-11T02:30:01Z DEBUG Starting external process
- 2017-05-11T02:30:01Z DEBUG args=/bin/systemctl stop pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:02Z DEBUG stdout=
- 2017-05-11T02:30:02Z DEBUG stderr=
- 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:02Z DEBUG [4/31]: backing up CS.cfg
- 2017-05-11T02:30:02Z DEBUG Starting external process
- 2017-05-11T02:30:02Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:30:02Z DEBUG Process finished, return code=3
- 2017-05-11T02:30:02Z DEBUG stdout=inactive
- 2017-05-11T02:30:02Z DEBUG stderr=
- 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:02Z DEBUG [5/31]: disabling nonces
- 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:02Z DEBUG [6/31]: set up CRL publishing
- 2017-05-11T02:30:02Z DEBUG Starting external process
- 2017-05-11T02:30:02Z DEBUG args=/usr/sbin/selinuxenabled
- 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:02Z DEBUG stdout=
- 2017-05-11T02:30:02Z DEBUG stderr=
- 2017-05-11T02:30:02Z DEBUG Starting external process
- 2017-05-11T02:30:02Z DEBUG args=/sbin/restorecon /var/lib/ipa/pki-ca/publish
- 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:02Z DEBUG stdout=
- 2017-05-11T02:30:02Z DEBUG stderr=
- 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:02Z DEBUG [7/31]: enable PKIX certificate path discovery and validation
- 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:02Z DEBUG [8/31]: starting certificate server instance
- 2017-05-11T02:30:02Z DEBUG Starting external process
- 2017-05-11T02:30:02Z DEBUG args=/bin/systemctl start pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:02Z DEBUG stdout=
- 2017-05-11T02:30:02Z DEBUG stderr=
- 2017-05-11T02:30:02Z DEBUG Starting external process
- 2017-05-11T02:30:02Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:02Z DEBUG stdout=active
- 2017-05-11T02:30:02Z DEBUG stderr=
- 2017-05-11T02:30:02Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
- 2017-05-11T02:30:04Z DEBUG Waiting until the CA is running
- 2017-05-11T02:30:04Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
- 2017-05-11T02:30:04Z DEBUG request body ''
- 2017-05-11T02:30:12Z DEBUG response status 200
- 2017-05-11T02:30:12Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:12 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:12Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
- 2017-05-11T02:30:12Z DEBUG The CA status is: running
- 2017-05-11T02:30:12Z DEBUG duration: 10 seconds
- 2017-05-11T02:30:12Z DEBUG [9/31]: creating RA agent certificate database
- 2017-05-11T02:30:12Z DEBUG Starting external process
- 2017-05-11T02:30:12Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -N
- 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:12Z DEBUG stdout=
- 2017-05-11T02:30:12Z DEBUG stderr=
- 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:12Z DEBUG [10/31]: importing CA chain to RA certificate database
- 2017-05-11T02:30:12Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:30:12Z DEBUG Starting external process
- 2017-05-11T02:30:12Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L
- 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:12Z DEBUG stdout=
- Certificate Nickname Trust Attributes
- SSL,S/MIME,JAR/XPI
- 2017-05-11T02:30:12Z DEBUG stderr=
- 2017-05-11T02:30:12Z DEBUG Starting external process
- 2017-05-11T02:30:12Z DEBUG args=/usr/bin/openssl pkcs7 -inform DER -print_certs
- 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:12Z DEBUG stdout=subject=/O=RDLG.NET/CN=Certificate Authority
- issuer=/O=RDLG.NET/CN=Certificate Authority
- -----BEGIN CERTIFICATE-----
- MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
- Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
- Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
- BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
- ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
- LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
- 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
- mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
- a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
- eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
- gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
- /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
- AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
- c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
- 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
- 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
- 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
- uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
- /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
- -----END CERTIFICATE-----
- 2017-05-11T02:30:12Z DEBUG stderr=
- 2017-05-11T02:30:12Z DEBUG Starting external process
- 2017-05-11T02:30:12Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t CT,C,C -n RDLG.NET IPA CA -a -i /tmp/tmpcz6QUn
- 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:12Z DEBUG stdout=
- 2017-05-11T02:30:12Z DEBUG stderr=
- 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:12Z DEBUG [11/31]: fixing RA database permissions
- 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:12Z DEBUG [12/31]: setting up signing cert profile
- 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:12Z DEBUG [13/31]: setting audit signing renewal to 2 years
- 2017-05-11T02:30:12Z DEBUG caSignedLogCert.cfg profile validity range is 720
- 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:12Z DEBUG [14/31]: restarting certificate server
- 2017-05-11T02:30:12Z DEBUG Starting external process
- 2017-05-11T02:30:12Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:30:13Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:13Z DEBUG stdout=
- 2017-05-11T02:30:13Z DEBUG stderr=
- 2017-05-11T02:30:13Z DEBUG Starting external process
- 2017-05-11T02:30:13Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:30:13Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:13Z DEBUG stdout=active
- 2017-05-11T02:30:13Z DEBUG stderr=
- 2017-05-11T02:30:13Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
- 2017-05-11T02:30:15Z DEBUG Waiting until the CA is running
- 2017-05-11T02:30:15Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
- 2017-05-11T02:30:15Z DEBUG request body ''
- 2017-05-11T02:30:23Z DEBUG response status 200
- 2017-05-11T02:30:23Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:23 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:23Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
- 2017-05-11T02:30:23Z DEBUG The CA status is: running
- 2017-05-11T02:30:23Z DEBUG duration: 10 seconds
- 2017-05-11T02:30:23Z DEBUG [15/31]: requesting RA certificate from CA
- 2017-05-11T02:30:23Z DEBUG Starting external process
- 2017-05-11T02:30:23Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -R -k rsa -g 2048 -s CN=IPA RA,O=RDLG.NET -z /tmp/tmpHaL6YB -a
- 2017-05-11T02:30:23Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:23Z DEBUG stdout=
- Certificate request generated by Netscape certutil
- Phone: (not specified)
- Common Name: IPA RA
- Email: (not specified)
- Organization: RDLG.NET
- State: (not specified)
- Country: (not specified)
- -----BEGIN NEW CERTIFICATE REQUEST-----
- MIICaTCCAVECAQAwJDERMA8GA1UEChMIUkRMRy5ORVQxDzANBgNVBAMTBklQQSBS
- QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlu5e8Xc+VhRyyy8agF
- WShlsQoyoSUww/uGjgh4vwV6gMFKxaM6US49Y9EdunpJdPgPQLjn98r/bTjapGgb
- Hxz27dVGLEbH6K/eNFRGBhAqGhekCa2/9abQh3TRFJoR5vyhKg5tyVkw+qceyp2p
- xcLS1XfVTmhDILu+0drTA2XBO7oQEwNKuOBfORxYoxo43WA7ijkwz5gz0Wr4LVGW
- Kn+sCtN7nY1Xi+R/B8Z9QkYrRXdg8uk+SbHgSFCadyTvgrD/F/LTFt3rK/P/HCMc
- lK8MSB4uv1ZZSw5XvjLBPzZykalxOPU+KjHxYlNGjUsF2TGo0LwB1FL573wK717+
- Ke0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCcjwvNBRYY9ssiXkZ5DUKluWIz
- 2ppI50X5LNlUAcvWAc5S6ncQ09R/8K/6fSrCb37ur12fhFtgRdrBNvKJudDBBmNu
- JYt3DOGo8dQhyG9Oz3kU0gdOnhCVcAF2bsTcyjKcZk9M/SCRd3QViXApOf+BXw/s
- 4H/LKpqEBeMdEypRIZ3QGDl+fhUBAg7mcvFmgBSodYymAePxc4DAx7O2No9/M4Bj
- Dj7Tr/7hyXWaU/rb1Or30xunW7doxIzO7sfix9PbdQSqVjrBGxrw2xOu+lc4DpAU
- Sre49sLKmW4LEP0+ar/vpg6rWm13bEbG0VtfxQWplUbCz0V8OmB9E4dBPeS1
- -----END NEW CERTIFICATE REQUEST-----
- 2017-05-11T02:30:23Z DEBUG stderr=
- Generating key. This may take a few moments...
- 2017-05-11T02:30:23Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:23Z DEBUG [16/31]: issuing RA agent certificate
- 2017-05-11T02:30:23Z DEBUG Starting external process
- 2017-05-11T02:30:23Z DEBUG args=/usr/bin/certutil -d /tmp/tmp-2dhsv2 -O -n ipa-ca-agent
- 2017-05-11T02:30:23Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:23Z DEBUG stdout="ipa-ca-agent" [CN=ipa-ca-agent,O=RDLG.NET]
- 2017-05-11T02:30:23Z DEBUG stderr=
- 2017-05-11T02:30:23Z DEBUG Starting external process
- 2017-05-11T02:30:23Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-2dhsv2 -r /ca/agent/ca/profileReview?requestId=7 ipa.rdlg.net:8443
- 2017-05-11T02:30:24Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:24Z DEBUG stdout=HTTP/1.1 200 OK
- Server: Apache-Coyote/1.1
- Content-Type: text/html;charset=UTF-8
- Date: Thu, 11 May 2017 02:30:23 GMT
- Connection: close
- <!-- --- BEGIN COPYRIGHT BLOCK ---
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- Copyright (C) 2007 Red Hat, Inc.
- All rights reserved.
- --- END COPYRIGHT BLOCK --- -->
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
- <html>
- <script type="text/javascript">
- requestNotes="";
- requestType="enrollment";
- recordSet = new Array;
- record = new Object;
- record.conDesc="This constraint accepts the subject name that matches .*CN=.*";
- record.policyId="1";
- record.defListSet = new Array;
- defList = new Object;
- defList.defId="name";
- defList.defConstraint="null";
- defList.defName="Subject Name";
- defList.defSyntax="string";
- defList.defVal="CN=IPA RA,O=RDLG.NET";
- record.defListSet[0] = defList;
- record.defDesc="This default populates a User-Supplied Certificate Subject Name to the request.";
- recordSet[0] = record;
- record = new Object;
- record.conDesc="This constraint rejects the validity that is not between 720 days.";
- record.policyId="2";
- record.defListSet = new Array;
- defList = new Object;
- defList.defId="notBefore";
- defList.defConstraint="null";
- defList.defName="Not Before";
- defList.defSyntax="string";
- defList.defVal="2017-05-10 20:30:23";
- record.defListSet[0] = defList;
- defList = new Object;
- defList.defId="notAfter";
- defList.defConstraint="null";
- defList.defName="Not After";
- defList.defSyntax="string";
- defList.defVal="2019-04-30 20:30:23";
- record.defListSet[1] = defList;
- record.defDesc="This default populates a Certificate Validity to the request. The default values are Range=720 in days";
- recordSet[1] = record;
- record = new Object;
- record.conDesc="This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521";
- record.policyId="3";
- record.defListSet = new Array;
- defList = new Object;
- defList.defId="TYPE";
- defList.defConstraint="readonly";
- defList.defName="Key Type";
- defList.defSyntax="string";
- defList.defVal="RSA - 1.2.840.113549.1.1.1";
- record.defListSet[0] = defList;
- defList = new Object;
- defList.defId="LEN";
- defList.defConstraint="readonly";
- defList.defName="Key Length";
- defList.defSyntax="string";
- defList.defVal="2048";
- record.defListSet[1] = defList;
- defList = new Object;
- defList.defId="KEY";
- defList.defConstraint="readonly";
- defList.defName="Key";
- defList.defSyntax="string";
- defList.defVal="30:82:01:0A:02:82:01:01:00:C9:6E:E5:EF:17:73:E5:\n61:47:2C:B2:F1:A8:05:59:28:65:B1:0A:32:A1:25:30:\nC3:FB:86:8E:08:78:BF:05:7A:80:C1:4A:C5:A3:3A:51:\n2E:3D:63:D1:1D:BA:7A:49:74:F8:0F:40:B8:E7:F7:CA:\nFF:6D:38:DA:A4:68:1B:1F:1C:F6:ED:D5:46:2C:46:C7:\nE8:AF:DE:34:54:46:06:10:2A:1A:17:A4:09:AD:BF:F5:\nA6:D0:87:74:D1:14:9A:11:E6:FC:A1:2A:0E:6D:C9:59:\n30:FA:A7:1E:CA:9D:A9:C5:C2:D2:D5:77:D5:4E:68:43:\n20:BB:BE:D1:DA:D3:03:65:C1:3B:BA:10:13:03:4A:B8:\nE0:5F:39:1C:58:A3:1A:38:DD:60:3B:8A:39:30:CF:98:\n33:D1:6A:F8:2D:51:96:2A:7F:AC:0A:D3:7B:9D:8D:57:\n8B:E4:7F:07:C6:7D:42:46:2B:45:77:60:F2:E9:3E:49:\nB1:E0:48:50:9A:77:24:EF:82:B0:FF:17:F2:D3:16:DD:\nEB:2B:F3:FF:1C:23:1C:94:AF:0C:48:1E:2E:BF:56:59:\n4B:0E:57:BE:32:C1:3F:36:72:91:A9:71:38:F5:3E:2A:\n31:F1:62:53:46:8D:4B:05:D9:31:A8:D0:BC:01:D4:52:\nF9:EF:7C:0A:EF:5E:FE:29:ED:02:03:01:00:01\n";
- record.defListSet[2] = defList;
- record.defDesc="This default populates a User-Supplied Certificate Key to the request.";
- recordSet[2] = record;
- record = new Object;
- record.conDesc="No Constraint";
- record.policyId="4";
- record.defListSet = new Array;
- defList = new Object;
- defList.defId="critical";
- defList.defConstraint="readonly";
- defList.defName="Criticality";
- defList.defSyntax="string";
- defList.defVal="false";
- record.defListSet[0] = defList;
- defList = new Object;
- defList.defId="keyid";
- defList.defConstraint="readonly";
- defList.defName="Key ID";
- defList.defSyntax="string";
- defList.defVal="CA:14:72:73:F8:4E:60:E3:E2:1F:99:7C:BC:22:AD:98:\n43:35:DE:F3\n";
- record.defListSet[1] = defList;
- record.defDesc="This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.";
- recordSet[3] = record;
- record = new Object;
- record.conDesc="No Constraint";
- record.policyId="5";
- record.defListSet = new Array;
- defList = new Object;
- defList.defId="authInfoAccessCritical";
- defList.defConstraint="null";
- defList.defName="Criticality";
- defList.defSyntax="boolean";
- defList.defVal="false";
- record.defListSet[0] = defList;
- defList = new Object;
- defList.defId="authInfoAccessGeneralNames";
- defList.defConstraint="null";
- defList.defName="General Names";
- defList.defSyntax="string_list";
- defList.defVal="Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://ipa-ca.rdlg.net/ca/ocsp\r\nEnable:true\r\n\r\n";
- record.defListSet[1] = defList;
- record.defDesc="This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}";
- recordSet[4] = record;
- record = new Object;
- record.conDesc="This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false";
- record.policyId="6";
- record.defListSet = new Array;
- defList = new Object;
- defList.defId="keyUsageCritical";
- defList.defConstraint="null";
- defList.defName="Criticality";
- defList.defSyntax="boolean";
- defList.defVal="true";
- record.defListSet[0] = defList;
- defList = new Object;
- defList.defId="keyUsageDigitalSignature";
- defList.defConstraint="null";
- defList.defName="Digital Signature";
- defList.defSyntax="boolean";
- defList.defVal="true";
- record.defListSet[1] = defList;
- defList = new Object;
- defList.defId="keyUsageNonRepudiation";
- defList.defConstraint="null";
- defList.defName="Non-Repudiation";
- defList.defSyntax="boolean";
- defList.defVal="true";
- record.defListSet[2] = defList;
- defList = new Object;
- defList.defId="keyUsageKeyEncipherment";
- defList.defConstraint="null";
- defList.defName="Key Encipherment";
- defList.defSyntax="boolean";
- defList.defVal="true";
- record.defListSet[3] = defList;
- defList = new Object;
- defList.defId="keyUsageDataEncipherment";
- defList.defConstraint="null";
- defList.defName="Data Encipherment";
- defList.defSyntax="boolean";
- defList.defVal="true";
- record.defListSet[4] = defList;
- defList = new Object;
- defList.defId="keyUsageKeyAgreement";
- defList.defConstraint="null";
- defList.defName="Key Agreement";
- defList.defSyntax="boolean";
- defList.defVal="false";
- record.defListSet[5] = defList;
- defList = new Object;
- defList.defId="keyUsageKeyCertSign";
- defList.defConstraint="null";
- defList.defName="Key CertSign";
- defList.defSyntax="boolean";
- defList.defVal="false";
- record.defListSet[6] = defList;
- defList = new Object;
- defList.defId="keyUsageCrlSign";
- defList.defConstraint="null";
- defList.defName="CRL Sign";
- defList.defSyntax="boolean";
- defList.defVal="false";
- record.defListSet[7] = defList;
- defList = new Object;
- defList.defId="keyUsageEncipherOnly";
- defList.defConstraint="null";
- defList.defName="Encipher Only";
- defList.defSyntax="boolean";
- defList.defVal="false";
- record.defListSet[8] = defList;
- defList = new Object;
- defList.defId="keyUsageDecipherOnly";
- defList.defConstraint="null";
- defList.defName="Decipher Only";
- defList.defSyntax="boolean";
- defList.defVal="false";
- record.defListSet[9] = defList;
- record.defDesc="This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false";
- recordSet[5] = record;
- record = new Object;
- record.conDesc="No Constraint";
- record.policyId="7";
- record.defListSet = new Array;
- defList = new Object;
- defList.defId="exKeyUsageCritical";
- defList.defConstraint="null";
- defList.defName="Criticality";
- defList.defSyntax="boolean";
- defList.defVal="false";
- record.defListSet[0] = defList;
- defList = new Object;
- defList.defId="exKeyUsageOIDs";
- defList.defConstraint="null";
- defList.defName="Comma-Separated list of Object Identifiers";
- defList.defSyntax="string_list";
- defList.defVal="1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2";
- record.defListSet[1] = defList;
- record.defDesc="This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2";
- recordSet[6] = record;
- record = new Object;
- record.conDesc="This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC";
- record.policyId="8";
- record.defListSet = new Array;
- defList = new Object;
- defList.defId="signingAlg";
- defList.defConstraint="SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA";
- defList.defName="Signing Algorithm";
- defList.defSyntax="choice";
- defList.defVal="SHA256withRSA";
- record.defListSet[0] = defList;
- record.defDesc="This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA";
- recordSet[7] = record;
- profileDesc="This certificate profile is for enrolling server certificates.";
- inputListSet = new Array;
- inputList = new Object;
- inputList.inputId="cert_request_type";
- inputList.inputName="Certificate Request Type";
- inputList.inputVal="pkcs10";
- inputList.inputSyntax="cert_request_type";
- inputList.inputConstraint="null";
- inputListSet[0] = inputList;
- inputList = new Object;
- inputList.inputId="cert_request";
- inputList.inputName="Certificate Request";
- inputList.inputVal="MIICaTCCAVECAQAwJDERMA8GA1UEChMIUkRMRy5ORVQxDzANBgNVBAMTBklQQSBS\r\nQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlu5e8Xc+VhRyyy8agF\r\nWShlsQoyoSUww/uGjgh4vwV6gMFKxaM6US49Y9EdunpJdPgPQLjn98r/bTjapGgb\r\nHxz27dVGLEbH6K/eNFRGBhAqGhekCa2/9abQh3TRFJoR5vyhKg5tyVkw+qceyp2p\r\nxcLS1XfVTmhDILu+0drTA2XBO7oQEwNKuOBfORxYoxo43WA7ijkwz5gz0Wr4LVGW\r\nKn+sCtN7nY1Xi+R/B8Z9QkYrRXdg8uk+SbHgSFCadyTvgrD/F/LTFt3rK/P/HCMc\r\nlK8MSB4uv1ZZSw5XvjLBPzZykalxOPU+KjHxYlNGjUsF2TGo0LwB1FL573wK717+\r\nKe0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCcjwvNBRYY9ssiXkZ5DUKluWIz\r\n2ppI50X5LNlUAcvWAc5S6ncQ09R/8K/6fSrCb37ur12fhFtgRdrBNvKJudDBBmNu\r\nJYt3DOGo8dQhyG9Oz3kU0gdOnhCVcAF2bsTcyjKcZk9M/SCRd3QViXApOf+BXw/s\r\n4H/LKpqEBeMdEypRIZ3QGDl+fhUBAg7mcvFmgBSodYymAePxc4DAx7O2No9/M4Bj\r\nDj7Tr/7hyXWaU/rb1Or30xunW7doxIzO7sfix9PbdQSqVjrBGxrw2xOu+lc4DpAU\r\nSre49sLKmW4LEP0+ar/vpg6rWm13bEbG0VtfxQWplUbCz0V8OmB9E4dBPeS1\n";
- inputList.inputSyntax="cert_request";
- inputList.inputConstraint="null";
- inputListSet[1] = inputList;
- inputList = new Object;
- inputList.inputId="requestor_name";
- inputList.inputName="Requestor Name";
- inputList.inputVal="IPA Installer";
- inputList.inputSyntax="string";
- inputList.inputConstraint="null";
- inputListSet[2] = inputList;
- inputList = new Object;
- inputList.inputId="requestor_email";
- inputList.inputName="Requestor Email";
- inputList.inputVal="null";
- inputList.inputSyntax="string";
- inputList.inputConstraint="null";
- inputListSet[3] = inputList;
- inputList = new Object;
- inputList.inputId="requestor_phone";
- inputList.inputName="Requestor Phone";
- inputList.inputVal="null";
- inputList.inputSyntax="string";
- inputList.inputConstraint="null";
- inputListSet[4] = inputList;
- errorCode="0";
- requestModificationTime="Wed May 10 20:30:23 MDT 2017";
- profileRemoteAddr="172.20.0.200";
- profileName="Manual Server Certificate Enrollment";
- profileApprovedBy="admin";
- requestOwner="";
- profileId="caServerCert";
- profileRemoteHost="172.20.0.200";
- profileIsVisible="true";
- requestId="7";
- errorReason="";
- requestStatus="pending";
- requestCreationTime="Wed May 10 20:30:23 MDT 2017";
- outputListSet = new Array;
- outputList = new Object;
- outputList.outputId="pretty_cert";
- outputList.outputSyntax="pretty_print";
- outputList.outputVal="null";
- outputList.outputName="Certificate Pretty Print";
- outputList.outputConstraint="null";
- outputListSet[0] = outputList;
- outputList = new Object;
- outputList.outputId="b64_cert";
- outputList.outputSyntax="pretty_print";
- outputList.outputVal="null";
- outputList.outputName="Certificate Base-64 Encoded";
- outputList.outputConstraint="null";
- outputListSet[1] = outputList;
- profileSetId="serverCertSet";
- </script>
- <style>
- TABLE { border-spacing: 0 0; }
- </style>
- <script type="text/javascript">
- function escapeValue(value)
- {
- return value.replace(/"/g,'"');
- }
- function addEscapes(str)
- {
- var outStr = str.replace(/</g, "<");
- outStr = outStr.replace(/>/g, ">");
- return outStr;
- }
- document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
- document.writeln(requestId);
- document.writeln('<br></font>');
- </script>
- <font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
- <table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
- width="100%">
- <tr>
- <td> </td>
- </tr>
- </table>
- <p>
- <script type="text/javascript">
- if (requestStatus == 'pending') {
- document.writeln('<form method=post action="profileProcess">');
- document.writeln('<input type=hidden name=requestId value=' + requestId + '>');
- }
- document.writeln('<p>');
- document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Request Information</FONT></TD></TR></TABLE>');
- document.writeln('<table border=1 width=100%>');
- document.writeln('<tr>');
- document.writeln('<td width=20%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Request ID:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(requestId);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Request Type:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(requestType);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Request Status:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(requestStatus);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Requestor Host:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(profileRemoteHost);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Assigned To:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(requestOwner);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Creation Time:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(requestCreationTime);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Modification Time:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(requestModificationTime);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('</table>');
- document.writeln('<p>');
- document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information</FONT></TD></TR></TABLE>');
- document.writeln('<table border=1 width=100%>');
- document.writeln('<tr>');
- document.writeln('<td width=20%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Certificate Profile Id:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(profileId);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('<tr>');
- document.writeln('<td width=20%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Approved By:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(profileApprovedBy);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Certificate Profile Name:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(profileName);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Certificate Profile Description:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(profileDesc);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('</table>');
- document.writeln('<p>');
- if (requestStatus != 'pending') {
- document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
- document.writeln('<table width=100% border=1>');
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln(requestNotes);
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('</table>');
- document.writeln('<p>');
- }
- if (profileIsVisible == 'true') {
- document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Inputs</FONT></TD></TR></TABLE>');
- document.writeln('<table border=1 width=100%>');
- document.writeln('<tr>');
- document.writeln('<td width=20%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Id</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td width=40%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Input Names</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Input Values</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- for (var i = 0; i < inputListSet.length; i++) {
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(inputListSet[i].inputId);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(inputListSet[i].inputName);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(addEscapes(inputListSet[i].inputVal));
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- }
- document.writeln('</table>');
- document.writeln('<p>');
- }
- if (requestStatus == 'complete') {
- document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Outputs</FONT></TD></TR></TABLE>');
- for (var i = 0; i < outputListSet.length; i++) {
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
- );
- document.writeln('<li>');
- document.writeln(outputListSet[i].outputName);
- document.writeln('</FONT>');
- document.writeln('<p>');
- if (outputListSet[i].outputSyntax == 'string') {
- document.writeln(outputListSet[i].outputVal);
- } else if (outputListSet[i].outputSyntax == 'pretty_print') {
- document.writeln('<pre>');
- document.writeln(outputListSet[i].outputVal);
- document.writeln('</pre>');
- } else if (outputListSet[i].outputSyntax == 'der_b64') {
- document.writeln('<pre>');
- document.writeln('-----BEGIN CERTIFICATE-----');
- document.writeln(outputListSet[i].outputVal);
- document.writeln('-----END CERTIFICATE-----');
- document.writeln('</pre>');
- }
- document.writeln('</p>');
- }
- }
- if (requestStatus == 'pending') {
- document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Policy Information</FONT></TD></TR></TABLE>');
- document.writeln('<table>');
- document.writeln('<tr>');
- document.writeln('<td width=20%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Certificate Profile Set Id:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(profileSetId);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- document.writeln('</table>');
- document.writeln('<table border=1 width=100%>');
- document.writeln('<tr>');
- document.writeln('<td width=10%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>#</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td width=45%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Extensions / Fields</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td width=45%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Constraints</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- for (var i = 0; i < recordSet.length; i++) {
- document.writeln('<tr valign=top>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(recordSet[i].policyId);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(recordSet[i].defDesc);
- document.writeln('</FONT>');
- document.writeln('<p>');
- document.writeln('<table width=100%>');
- for (var j = 0; j < recordSet[i].defListSet.length; j++) {
- document.writeln('<tr valign=top>');
- if (typeof(recordSet[i].defListSet[j].defName) != 'undefined') {
- document.writeln('<td width=30%><i>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(recordSet[i].defListSet[j].defName + ':');
- document.writeln('</FONT>');
- document.writeln('</i></td>');
- document.writeln('<td width=70%>');
- if (recordSet[i].defListSet[j].defConstraint == 'readonly') {
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(recordSet[i].defListSet[j].defVal);
- document.writeln('</FONT>');
- } else {
- if (recordSet[i].defListSet[j].defSyntax == 'string') {
- document.writeln('<input size=32 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + escapeValue(recordSet[i].defListSet[j].defVal) + '">');
- } else if (recordSet[i].defListSet[j].defSyntax == 'string_list') {
- document.writeln('<textarea cols=40 rows=5 name="' + recordSet[i].defListSet[j].defId + '">' + recordSet[i].defListSet[j].defVal + '</textarea>');
- } else if (recordSet[i].defListSet[j].defSyntax == 'integer') {
- document.writeln('<input size=6 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
- } else if (recordSet[i].defListSet[j].defSyntax == 'image_url') {
- document.writeln('<img border=0 src="' + recordSet[i].defListSet[j].defVal + '">');
- document.writeln('<input type=hidden name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
- } else if (recordSet[i].defListSet[j].defSyntax == 'choice') {
- document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
- var c = recordSet[i].defListSet[j].defConstraint.split(',');
- for(var k = 0; k < c.length; k++) {
- if (recordSet[i].defListSet[j].defVal == c[k]) {
- document.writeln('<option selected value=' + c[k] + '>');
- } else {
- document.writeln('<option value=' + c[k] + '>');
- }
- document.writeln(c[k]);
- document.writeln('</option>');
- }
- document.writeln('</select>');
- } else if (recordSet[i].defListSet[j].defSyntax == 'boolean') {
- document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
- if (recordSet[i].defListSet[j].defVal == 'true') {
- document.writeln('<option selected value=true>true</option>');
- document.writeln('<option value=false>false</option>');
- } else {
- document.writeln('<option value=true>true</option>');
- document.writeln('<option selected value=false>false</option>');
- }
- document.writeln('</select>');
- }
- }
- document.writeln('</td>');
- }
- document.writeln('</tr>');
- }
- document.writeln('</table>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(recordSet[i].conDesc);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- } // for
- document.writeln('</table>');
- document.writeln('<p>');
- document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
- document.writeln('<textarea cols=40 rows=5 name="requestNotes">' + requestNotes + '</textarea>');
- document.writeln('<p>');
- document.writeln('<SELECT NAME="op">');
- document.writeln('<OPTION VALUE="update">Update request</OPTION>');
- document.writeln('<OPTION VALUE="validate">Validate request</OPTION>');
- document.writeln('<OPTION SELECTED VALUE="approve">Approve request</OPTION>');
- document.writeln('<OPTION VALUE="reject">Reject request</OPTION>');
- document.writeln('<OPTION VALUE="cancel">Cancel request</OPTION>');
- document.writeln('<OPTION VALUE="assign">Assign request</OPTION>');
- document.writeln('<OPTION VALUE="unassign">Unassign request</OPTION>');
- document.writeln('</SELECT>');
- if (typeof(nonce) != "undefined") {
- document.writeln("<INPUT TYPE=hidden name=nonce value=\"" + nonce +"\">");
- }
- document.writeln('<input type=submit name=submit value=submit>');
- document.writeln('</form>');
- } // if
- </script>
- </html>
- Subject: CN=ipa.rdlg.net,O=RDLG.NET
- Issuer : CN=Certificate Authority,O=RDLG.NET
- bulk cipher AES-256, 256 secret key bits, 256 key bits, status: 1
- 2017-05-11T02:30:24Z DEBUG stderr=GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0
- Host: ipa.rdlg.net:8443
- port: 8443
- addr='ipa.rdlg.net'
- family='2'
- IP='172.20.0.200'
- Called mygetclientauthdata - nickname = ipa-ca-agent
- mygetclientauthdata - cert = 1430a70
- mygetclientauthdata - privkey = 1473130
- PR_Write wrote 80 bytes from bigBuf
- bytes: [GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0
- Host: ipa.rdlg.net:8443
- ]
- do_writes shutting down send socket
- do_writes exiting with (result = 0)
- connection 1 read 9000 bytes (9000 total).
- these bytes read:
- connection 1 read 9000 bytes (18000 total).
- these bytes read:
- connection 1 read 9000 bytes (27000 total).
- these bytes read:
- connection 1 read 2697 bytes (29697 total).
- these bytes read:
- connection 1 read 29697 bytes total. -----------------------------
- Done with possible addresses - exiting.
- 2017-05-11T02:30:24Z DEBUG Starting external process
- 2017-05-11T02:30:24Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-2dhsv2 -e exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true¬Before=2017-05-10+20%3A30%3A23&keyUsageCritical=true&submit=submit¬After=2019-04-30+20%3A30%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve -r /ca/agent/ca/profileProcess ipa.rdlg.net:8443
- 2017-05-11T02:30:24Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:24Z DEBUG stdout=HTTP/1.1 200 OK
- Server: Apache-Coyote/1.1
- Content-Type: text/html;charset=UTF-8
- Date: Thu, 11 May 2017 02:30:24 GMT
- Connection: close
- <!-- --- BEGIN COPYRIGHT BLOCK ---
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License along
- with this program; if not, write to the Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- Copyright (C) 2007 Red Hat, Inc.
- All rights reserved.
- --- END COPYRIGHT BLOCK --- -->
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
- <html>
- <script type="text/javascript">
- outputListSet = new Array;
- outputList = new Object;
- outputList.outputId="pretty_cert";
- outputList.outputSyntax="pretty_print";
- outputList.outputVal=" Certificate: \n Data: \n Version: v3\n Serial Number: 0x7\n Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Issuer: CN=Certificate Authority,O=RDLG.NET\n Validity: \n Not Before: Wednesday, May 10, 2017 8:30:23 PM MDT America/Denver\n Not After: Tuesday, April 30, 2019 8:30:23 PM MDT America/Denver\n Subject: CN=IPA RA,O=RDLG.NET\n Subject Public Key Info: \n Algorithm: RSA - 1.2.840.113549.1.1.1\n Public Key: \n Exponent: 65537\n Public Key Modulus: (2048 bits) :\n C9:6E:E5:EF:17:73:E5:61:47:2C:B2:F1:A8:05:59:28:\n 65:B1:0A:32:A1:25:30:C3:FB:86:8E:08:78:BF:05:7A:\n 80:C1:4A:C5:A3:3A:51:2E:3D:63:D1:1D:BA:7A:49:74:\n F8:0F:40:B8:E7:F7:CA:FF:6D:38:DA:A4:68:1B:1F:1C:\n F6:ED:D5:46:2C:46:C7:E8:AF:DE:34:54:46:06:10:2A:\n 1A:17:A4:09:AD:BF:F5:A6:D0:87:74:D1:14:9A:11:E6:\n FC:A1:2A:0E:6D:C9:59:30:FA:A7:1E:CA:9D:A9:C5:C2:\n D2:D5:77:D5:4E:68:43:20:BB:BE:D1:DA:D3:03:65:C1:\n 3B:BA:10:13:03:4A:B8:E0:5F:39:1C:58:A3:1A:38:DD:\n 60:3B:8A:39:30:CF:98:33:D1:6A:F8:2D:51:96:2A:7F:\n AC:0A:D3:7B:9D:8D:57:8B:E4:7F:07:C6:7D:42:46:2B:\n 45:77:60:F2:E9:3E:49:B1:E0:48:50:9A:77:24:EF:82:\n B0:FF:17:F2:D3:16:DD:EB:2B:F3:FF:1C:23:1C:94:AF:\n 0C:48:1E:2E:BF:56:59:4B:0E:57:BE:32:C1:3F:36:72:\n 91:A9:71:38:F5:3E:2A:31:F1:62:53:46:8D:4B:05:D9:\n 31:A8:D0:BC:01:D4:52:F9:EF:7C:0A:EF:5E:FE:29:ED\n Extensions: \n Identifier: Authority Key Identifier - 2.5.29.35\n Critical: no \n Key Identifier: \n CA:14:72:73:F8:4E:60:E3:E2:1F:99:7C:BC:22:AD:98:\n 43:35:DE:F3\n Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n Critical: no \n Access Description: \n Method #0: ocsp\n Location #0: URIName: http://ipa-ca.rdlg.net/ca/ocsp\n Identifier: Key Usage: - 2.5.29.15\n Critical: yes \n Key Usage: \n Digital Signature \n Non Repudiation \n Key Encipherment \n Data Encipherment \n Identifier: Extended Key Usage: - 2.5.29.37\n Critical: no \n Extended Key Usage: \n 1.3.6.1.5.5.7.3.1\n 1.3.6.1.5.5.7.3.2\n Signature: \n Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Signature: \n 3B:8C:98:2F:C1:51:E0:D2:01:BC:55:30:E8:0D:A5:B0:\n 1B:D2:2F:11:5F:1F:45:24:FD:8B:FF:AB:68:FE:5C:58:\n 65:E2:14:C5:0A:CD:9C:81:80:79:23:FF:67:55:2B:1F:\n 0F:0A:19:97:8D:FC:41:19:C5:51:90:B8:CD:BD:62:B9:\n 88:A7:2D:A7:63:25:67:6B:08:47:FA:88:42:96:09:98:\n AB:21:6A:5E:45:20:5D:61:0F:4F:40:67:32:77:D7:DC:\n 26:45:89:AF:51:DD:17:5C:FA:EF:44:73:95:CC:4C:73:\n C9:EC:88:10:9D:CF:5C:EE:69:05:C4:29:3F:00:1A:CB:\n AC:40:8D:8F:EF:A9:61:9B:8F:2B:39:C8:0D:E5:99:BC:\n ED:5F:4C:79:F1:25:0B:95:16:5A:D7:87:1E:17:F9:7D:\n BC:9B:83:94:C7:26:11:9B:FE:7F:6F:B3:9B:83:FA:EB:\n C1:0F:6F:47:9B:3D:B7:E5:57:56:42:85:F9:DD:F9:87:\n 47:3D:7F:C4:B6:91:E1:5F:78:DF:42:E1:3F:91:99:7A:\n 52:FC:08:74:97:D0:89:C0:26:B1:7E:F8:7C:EC:CB:C7:\n D3:F2:24:8E:3C:43:8B:26:7F:6C:27:45:B8:D8:8F:C5:\n 68:28:D1:9F:24:BF:76:82:5F:4C:D1:0F:1D:E5:D3:E1\n FingerPrint\n MD2:\n A6:46:DE:85:1D:25:12:B4:DD:E9:48:67:58:80:8E:88\n MD5:\n A9:2A:01:41:46:08:23:BB:65:17:F7:F1:7B:3C:B3:3A\n SHA-1:\n 34:63:66:A4:AD:92:9D:05:04:70:41:D9:72:6A:CA:D7:\n E7:F1:23:C1\n SHA-256:\n F1:DA:1C:87:30:36:0A:55:6C:07:F7:A8:46:C9:38:27:\n E1:1A:0A:73:43:2A:05:80:8F:43:1A:73:00:2C:A2:42\n SHA-512:\n 25:29:04:96:00:49:77:3C:32:7C:42:B6:7D:A2:2F:69:\n 9E:48:45:6F:EE:8D:C3:CA:A4:A8:83:02:AE:CF:EE:27:\n BF:24:4B:88:FD:DB:FE:A0:90:CD:C7:3A:31:D1:AB:4C:\n 46:6B:77:CE:F3:F0:75:D2:DC:E6:27:57:02:1A:BE:8F\n";
- outputList.outputName="Certificate Pretty Print";
- outputList.outputConstraint="null";
- outputListSet[0] = outputList;
- outputList = new Object;
- outputList.outputId="b64_cert";
- outputList.outputSyntax="pretty_print";
- outputList.outputVal="-----BEGIN CERTIFICATE-----\nMIIDYjCCAkqgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH\r\nLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy\r\nMzAyM1oXDTE5MDUwMTAyMzAyM1owJDERMA8GA1UECgwIUkRMRy5ORVQxDzANBgNV\r\nBAMMBklQQSBSQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlu5e8X\r\nc+VhRyyy8agFWShlsQoyoSUww/uGjgh4vwV6gMFKxaM6US49Y9EdunpJdPgPQLjn\r\n98r/bTjapGgbHxz27dVGLEbH6K/eNFRGBhAqGhekCa2/9abQh3TRFJoR5vyhKg5t\r\nyVkw+qceyp2pxcLS1XfVTmhDILu+0drTA2XBO7oQEwNKuOBfORxYoxo43WA7ijkw\r\nz5gz0Wr4LVGWKn+sCtN7nY1Xi+R/B8Z9QkYrRXdg8uk+SbHgSFCadyTvgrD/F/LT\r\nFt3rK/P/HCMclK8MSB4uv1ZZSw5XvjLBPzZykalxOPU+KjHxYlNGjUsF2TGo0LwB\r\n1FL573wK717+Ke0CAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBTKFHJz+E5g4+IfmXy8\r\nIq2YQzXe8zA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0dHA6Ly9pcGEt\r\nY2EucmRsZy5uZXQvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQA7jJgvwVHg0gG8\r\nVTDoDaWwG9IvEV8fRST9i/+raP5cWGXiFMUKzZyBgHkj/2dVKx8PChmXjfxBGcVR\r\nkLjNvWK5iKctp2MlZ2sIR/qIQpYJmKshal5FIF1hD09AZzJ319wmRYmvUd0XXPrv\r\nRHOVzExzyeyIEJ3PXO5pBcQpPwAay6xAjY/vqWGbjys5yA3lmbztX0x58SULlRZa\r\n14ceF/l9vJuDlMcmEZv+f2+zm4P668EPb0ebPbflV1ZChfnd+YdHPX/EtpHhX3jf\r\nQuE/kZl6UvwIdJfQicAmsX74fOzLx9PyJI48Q4smf2wnRbjYj8VoKNGfJL92gl9M\r\n0Q8d5dPh\r\n-----END CERTIFICATE-----\n";
- outputList.outputName="Certificate Base-64 Encoded";
- outputList.outputConstraint="null";
- outputListSet[1] = outputList;
- errorReason="";
- requestType="enrollment";
- profileId="caServerCert";
- requestId="7";
- errorCode="0";
- requestStatus="complete";
- op="approve";
- </script>
- <script type="text/javascript">
- function addEscapes(str)
- {
- var outStr = str.replace(/</g, "<");
- outStr = outStr.replace(/>/g, ">");
- return outStr;
- }
- document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
- if (typeof(requestId) != "undefined") {
- document.writeln(requestId);
- }
- document.writeln('<br></font>');
- </script>
- <font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
- <table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
- <tr>
- <td> </td>
- </tr>
- </table>
- <p>
- <script type="text/javascript">
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Request Information:</b>');
- document.writeln('</FONT>');
- document.writeln('<table border=1 width=100%>');
- if (typeof(requestId) != "undefined") {
- document.writeln('<tr>');
- document.writeln('<td width=30%>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Request ID:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<a href="profileReview?requestId=' + requestId + '">');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(requestId);
- document.writeln('</FONT>');
- document.writeln('</a>');
- document.writeln('</td>');
- document.writeln('</tr>');
- }
- if (typeof(requestType) != "undefined") {
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Request Type:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(requestType);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- }
- if (typeof(requestStatus) != "undefined") {
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Request Status:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(requestStatus);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- }
- if (typeof(profileId) != "undefined") {
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Certificate Profile Id:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(profileId);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- }
- if (typeof(op) != "undefined") {
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Operation Requested:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(op);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- }
- if (typeof(errorCode) != "undefined") {
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Error Code:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(errorCode);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- }
- if (typeof(errorReason) != "undefined") {
- document.writeln('<tr>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln('<b>Error Reason:</b>');
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
- document.writeln(errorReason);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('</tr>');
- }
- document.writeln('</table>');
- document.writeln('<p>');
- document.writeln('</table>');
- if (typeof(requestStatus) != "undefined" && requestStatus == 'complete') {
- document.writeln('<table width=100%>');
- for (var i = 0; i < outputListSet.length; i++) {
- document.writeln('<tr valign=top>');
- document.writeln('<td>');
- document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
- );
- document.writeln('<li>');
- document.writeln(outputListSet[i].outputName);
- document.writeln('</FONT>');
- document.writeln('</td>');
- document.writeln('<tr valign=top>');
- document.writeln('</tr>');
- document.writeln('<td>');
- if (outputListSet[i].outputSyntax == 'string') {
- document.writeln(addEscapes(outputListSet[i].outputVal));
- } else if (outputListSet[i].outputSyntax == 'pretty_print') {
- document.writeln('<pre>');
- document.writeln(addEscapes(outputListSet[i].outputVal));
- document.writeln('</pre>');
- }
- document.writeln('</td>');
- document.writeln('</tr>');
- }
- document.writeln('</table>');
- }
- </script>
- </html>
- Subject: CN=ipa.rdlg.net,O=RDLG.NET
- Issuer : CN=Certificate Authority,O=RDLG.NET
- bulk cipher AES-256, 256 secret key bits, 256 key bits, status: 1
- 2017-05-11T02:30:24Z DEBUG stderr=POST /ca/agent/ca/profileProcess HTTP/1.0
- Host: ipa.rdlg.net:8443
- Content-Length: 738
- Content-Type: application/x-www-form-urlencoded
- exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true¬Before=2017-05-10+20%3A30%3A23&keyUsageCritical=true&submit=submit¬After=2019-04-30+20%3A30%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approveport: 8443
- addr='ipa.rdlg.net'
- family='2'
- IP='172.20.0.200'
- Called mygetclientauthdata - nickname = ipa-ca-agent
- mygetclientauthdata - cert = fded80
- mygetclientauthdata - privkey = 1021440
- PR_Write wrote 878 bytes from bigBuf
- bytes: [POST /ca/agent/ca/profileProcess HTTP/1.0
- Host: ipa.rdlg.net:8443
- Content-Length: 738
- Content-Type: application/x-www-form-urlencoded
- exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true¬Before=2017-05-10+20%3A30%3A23&keyUsageCritical=true&submit=submit¬After=2019-04-30+20%3A30%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve]
- do_writes shutting down send socket
- do_writes exiting with (result = 0)
- connection 1 read 9000 bytes (9000 total).
- these bytes read:
- connection 1 read 4329 bytes (13329 total).
- these bytes read:
- connection 1 read 13329 bytes total. -----------------------------
- Done with possible addresses - exiting.
- 2017-05-11T02:30:24Z DEBUG Starting external process
- 2017-05-11T02:30:24Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t u,u,u -n ipaCert -a -i /tmp/tmp3Ay3eB
- 2017-05-11T02:30:24Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:24Z DEBUG stdout=
- 2017-05-11T02:30:24Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
- 2017-05-11T02:30:24Z DEBUG Starting external process
- 2017-05-11T02:30:24Z DEBUG args=/usr/bin/pki -d /etc/httpd/alias -C /etc/httpd/alias/pwdfile.txt client-cert-show ipaCert --client-cert /etc/httpd/alias/tmpRb3Roa
- 2017-05-11T02:30:25Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:25Z DEBUG stdout=
- 2017-05-11T02:30:25Z DEBUG stderr=
- 2017-05-11T02:30:25Z DEBUG duration: 1 seconds
- 2017-05-11T02:30:25Z DEBUG [17/31]: adding RA agent as a trusted user
- 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_85486928
- 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f95ab8>
- 2017-05-11T02:30:25Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember
- 2017-05-11T02:30:25Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Registration Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember
- 2017-05-11T02:30:25Z DEBUG Destroyed connection context.ldap2_85486928
- 2017-05-11T02:30:25Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:25Z DEBUG [18/31]: authorizing RA to modify profiles
- 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_83903184
- 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x753e830>
- 2017-05-11T02:30:25Z DEBUG Destroyed connection context.ldap2_83903184
- 2017-05-11T02:30:25Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:25Z DEBUG [19/31]: authorizing RA to manage lightweight CAs
- 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_83906512
- 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f95ab8>
- 2017-05-11T02:30:25Z DEBUG Destroyed connection context.ldap2_83906512
- 2017-05-11T02:30:25Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:25Z DEBUG [20/31]: Ensure lightweight CAs container exists
- 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_83904592
- 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x753e830>
- 2017-05-11T02:30:26Z DEBUG Destroyed connection context.ldap2_83904592
- 2017-05-11T02:30:26Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:26Z DEBUG [21/31]: configure certmonger for renewals
- 2017-05-11T02:30:26Z DEBUG Starting external process
- 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl enable certmonger.service
- 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:26Z DEBUG stdout=
- 2017-05-11T02:30:26Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service.
- 2017-05-11T02:30:26Z DEBUG Starting external process
- 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl start messagebus.service
- 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:26Z DEBUG stdout=
- 2017-05-11T02:30:26Z DEBUG stderr=
- 2017-05-11T02:30:26Z DEBUG Starting external process
- 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl is-active messagebus.service
- 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:26Z DEBUG stdout=active
- 2017-05-11T02:30:26Z DEBUG stderr=
- 2017-05-11T02:30:26Z DEBUG Starting external process
- 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl start certmonger.service
- 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:26Z DEBUG stdout=
- 2017-05-11T02:30:26Z DEBUG stderr=
- 2017-05-11T02:30:26Z DEBUG Starting external process
- 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl is-active certmonger.service
- 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:26Z DEBUG stdout=active
- 2017-05-11T02:30:26Z DEBUG stderr=
- 2017-05-11T02:30:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:30:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:30:27Z DEBUG duration: 1 seconds
- 2017-05-11T02:30:27Z DEBUG [22/31]: configure certificate renewals
- 2017-05-11T02:30:31Z DEBUG duration: 3 seconds
- 2017-05-11T02:30:31Z DEBUG [23/31]: configure RA certificate renewal
- 2017-05-11T02:30:32Z DEBUG duration: 1 seconds
- 2017-05-11T02:30:32Z DEBUG [24/31]: configure Server-Cert certificate renewal
- 2017-05-11T02:30:33Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:33Z DEBUG [25/31]: Configure HTTP to proxy connections
- 2017-05-11T02:30:33Z DEBUG duration: 0 seconds
- 2017-05-11T02:30:33Z DEBUG [26/31]: restarting certificate server
- 2017-05-11T02:30:33Z DEBUG Starting external process
- 2017-05-11T02:30:33Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:30:42Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:42Z DEBUG stdout=
- 2017-05-11T02:30:42Z DEBUG stderr=
- 2017-05-11T02:30:42Z DEBUG Starting external process
- 2017-05-11T02:30:42Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:30:42Z DEBUG Process finished, return code=0
- 2017-05-11T02:30:42Z DEBUG stdout=active
- 2017-05-11T02:30:42Z DEBUG stderr=
- 2017-05-11T02:30:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
- 2017-05-11T02:30:44Z DEBUG Waiting until the CA is running
- 2017-05-11T02:30:44Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
- 2017-05-11T02:30:44Z DEBUG request body ''
- 2017-05-11T02:30:52Z DEBUG response status 200
- 2017-05-11T02:30:52Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:52 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:52Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
- 2017-05-11T02:30:52Z DEBUG The CA status is: running
- 2017-05-11T02:30:52Z DEBUG duration: 19 seconds
- 2017-05-11T02:30:52Z DEBUG [27/31]: migrating certificate profiles to LDAP
- 2017-05-11T02:30:52Z DEBUG Created connection context.ldap2_83903632
- 2017-05-11T02:30:52Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:30:52Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7320128>
- 2017-05-11T02:30:53Z DEBUG Destroyed connection context.ldap2_83903632
- 2017-05-11T02:30:53Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:53Z DEBUG request body ''
- 2017-05-11T02:30:53Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:53Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:53Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:53Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:53Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:53Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:53Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 200
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=46FD6DF21C28C850B2B6E8B4670D7622; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates.\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 409
- 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:54Z DEBUG Error migrating 'caUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUserCert?action=enable
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 500
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 204
- 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=DA0F105A63528E1D88C41CEAE42B6D84; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body ''
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 200
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=040BFE94D36250CB8F0624A171B2E1D2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Dual-Use ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 409
- 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:54Z DEBUG Error migrating 'caECUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECUserCert?action=enable
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 500
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 204
- 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=9EA9BC3B10FF742555CDEAC8B774CE25; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body ''
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 200
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7EB614EA21AE5E4AEB76579A135E0844; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use S/MIME capabilities Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9,11\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.11.constraint.name=No Constraint\npolicyset.userCertSet.11.default.class_id=genericExtDefaultImpl\npolicyset.userCertSet.11.default.name=Generic Extension\npolicyset.userCertSet.11.default.params.genericExtOID=1.2.840.113549.1.9.15\npolicyset.userCertSet.11.default.params.genericExtData=3067300B06092A864886F70D010105300B06092A864886F70D01010B300B06092A864886F70D01010C300B06092A864886F70D01010D300A06082A864886F70D0307300B0609608648016503040102300B060960864801650304012A300B06092A864886F70D010101\nprofileId=caUserSMIMEcapCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 409
- 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:54Z DEBUG Error migrating 'caUserSMIMEcapCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUserSMIMEcapCert?action=enable
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 500
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 204
- 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=B9F26815F636D5A804F4AEDFFC622B8C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body ''
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 200
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=34934FBB1F4F7B4160CD13C13C73F300; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\nprofileId=caDualCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 409
- 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:54Z DEBUG Error migrating 'caDualCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDualCert?action=enable
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 500
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 204
- 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=C240B403C517A5BD8BF13EC248AF68FA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body ''
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 200
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=144987A81FEC4CDC6BFD553798A5D971; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-authenticated User Signing & Encryption Certificates Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nprofileId=caDirBasedDualCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 409
- 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:54Z DEBUG Error migrating 'caDirBasedDualCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirBasedDualCert?action=enable
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 500
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 204
- 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=B55E3A8D30B594FD0D7FD1D1FAD7235B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body ''
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 200
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4C186CD489792FFADC572F2BF715FADE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling dual user ECC certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\nprofileId=caECDualCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 409
- 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:54Z DEBUG Error migrating 'caECDualCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECDualCert?action=enable
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 500
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 204
- 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=042FD11A1B84018026B0AD3A0F1694D4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body ''
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 200
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E73BAA0CFF371050FE9628A41AC9D514; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:54Z DEBUG request body "desc=This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=\nname=Manual Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=-\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=AdminCert\nclassId=caEnrollImpl\n"
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 409
- 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:54Z DEBUG Error migrating 'AdminCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/AdminCert?action=enable
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 500
- 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:54Z DEBUG response status 204
- 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=24661E0665FCB5CF3110082DCEFDF294; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:54Z DEBUG response body ''
- 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:54Z DEBUG request body ''
- 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=DC3BE0380E26C75661E3DB3EBF78D0A2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This profile is for enrolling audit log signing certificates\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Log Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caLogSigningSet\npolicyset.caLogSigningSet.list=1,2,3,4,6,8,9\npolicyset.caLogSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caLogSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caLogSigningSet.1.constraint.params.pattern=CN=.*\npolicyset.caLogSigningSet.1.constraint.params.accept=true\npolicyset.caLogSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caLogSigningSet.1.default.name=Subject Name Default\npolicyset.caLogSigningSet.1.default.params.name=\npolicyset.caLogSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caLogSigningSet.2.constraint.name=Validity Constraint\npolicyset.caLogSigningSet.2.constraint.params.range=720\npolicyset.caLogSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caLogSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caLogSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caLogSigningSet.2.default.name=Validity Default\npolicyset.caLogSigningSet.2.default.params.range=720\npolicyset.caLogSigningSet.2.default.params.startTime=0\npolicyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caLogSigningSet.3.constraint.name=Key Constraint\npolicyset.caLogSigningSet.3.constraint.params.keyType=RSA\npolicyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caLogSigningSet.3.default.name=Key Default\npolicyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.4.constraint.name=No Constraint\npolicyset.caLogSigningSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.4.default.name=Authority Key Identifier Default\npolicyset.caLogSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caLogSigningSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caLogSigningSet.6.default.name=Key Usage Default\npolicyset.caLogSigningSet.6.default.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.8.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.8.constraint.name=No Constraint\npolicyset.caLogSigningSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caLogSigningSet.8.default.params.critical=false\npolicyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caLogSigningSet.9.constraint.name=No Constraint\npolicyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caLogSigningSet.9.default.name=Signing Alg\npolicyset.caLogSigningSet.9.default.params.signingAlg=-\nprofileId=caSignedLogCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caSignedLogCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSignedLogCert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 500
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=7AA05A9DDDEE34BEED4232409651B965; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1BC28DC8994A6112F7C33650F4650F46; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling TPS server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual TPS Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caTPSCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caTPSCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTPSCert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 500
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=47DC5F2C6D258E45E557ACC83A990060; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=370AC3D36623B4095E5F3D852FE29078; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRARouterCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caRARouterCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRARouterCert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 500
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=24D6FAB637F1C197A16D514BE733B51A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=AE7CD0068442866E31AB80D24CD5EBC0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=flatFileAuth\nname=One Time Pin Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRouterCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caRouterCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRouterCert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 500
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=9D065B162B15A99C4196A4D93EE205BE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CAC3858C06215F9E52C22A6F80AFCFBD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caServerCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caServerCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caServerCert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 500
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=EEC3A5E4616CDC92E4CA0159ECF394F8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=B6CB304E7FB2D4DB05AE61E08901A598; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling subsystem certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caSubsystemCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caSubsystemCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSubsystemCert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 500
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=586BD0C8C2163E855718416104F3461E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F0694B09D01938C76727D5E7974DDCE8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling other certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Other Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=otherCertSet\npolicyset.otherCertSet.list=1,2,3,4,5,6,7,8\npolicyset.otherCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.otherCertSet.1.constraint.name=Subject Name Constraint\npolicyset.otherCertSet.1.constraint.params.pattern=CN=.*\npolicyset.otherCertSet.1.constraint.params.accept=true\npolicyset.otherCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.otherCertSet.1.default.name=Subject Name Default\npolicyset.otherCertSet.1.default.params.name=\npolicyset.otherCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.otherCertSet.2.constraint.name=Validity Constraint\npolicyset.otherCertSet.2.constraint.params.range=720\npolicyset.otherCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.otherCertSet.2.constraint.params.notAfterCheck=false\npolicyset.otherCertSet.2.default.class_id=validityDefaultImpl\npolicyset.otherCertSet.2.default.name=Validity Default\npolicyset.otherCertSet.2.default.params.range=720\npolicyset.otherCertSet.2.default.params.startTime=0\npolicyset.otherCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.otherCertSet.3.constraint.name=Key Constraint\npolicyset.otherCertSet.3.constraint.params.keyType=-\npolicyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.otherCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.otherCertSet.3.default.name=Key Default\npolicyset.otherCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.4.constraint.name=No Constraint\npolicyset.otherCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.otherCertSet.4.default.name=Authority Key Identifier Default\npolicyset.otherCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.5.constraint.name=No Constraint\npolicyset.otherCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.otherCertSet.5.default.name=AIA Extension Default\npolicyset.otherCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.otherCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.otherCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.otherCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.otherCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.otherCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.otherCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.otherCertSet.6.default.name=Key Usage Default\npolicyset.otherCertSet.6.default.params.keyUsageCritical=true\npolicyset.otherCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.7.constraint.name=No Constraint\npolicyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.otherCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.otherCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.otherCertSet.8.constraint.name=No Constraint\npolicyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.otherCertSet.8.default.name=Signing Alg\npolicyset.otherCertSet.8.default.params.signingAlg=-\nprofileId=caOtherCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caOtherCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caOtherCert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 500
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=0E81CE66AB933454F40F6C29DBF786F3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=33A345D9395D85A8BD078E5D4921AB6C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCACert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caCACert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCACert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 500
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=1666AF99F4350CA2DD03468414D81851; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E320477F05778C3BE006B51328794EBA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Cross Signed Certificate Authority certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Cross Signed Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=userSubjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=User Subject Name Constraint\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=User Supplied Subject Name Default\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCrossSignedCACert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caCrossSignedCACert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCrossSignedCACert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=DD7BBED93F65808288D14EAE012C29B4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=573DDC30D27B038CEA56F1A8F63528E5; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Manual Security Domain Certificate Authority Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=720\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=validityDefaultImpl\npolicyset.caCertSet.2.default.name=Validity Default\npolicyset.caCertSet.2.default.params.range=720\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caInstallCACert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caInstallCACert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInstallCACert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 500
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=5640EAFE196F40FAAAABCC8A1D7131BE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 200
- 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CAA28333764DC76F421A2ACEDFC20DA9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Registration Manager certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Registration Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=raCertSet\npolicyset.raCertSet.list=1,2,3,4,5,6,7,8\npolicyset.raCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.raCertSet.1.constraint.name=Subject Name Constraint\npolicyset.raCertSet.1.constraint.params.pattern=CN=.*\npolicyset.raCertSet.1.constraint.params.accept=true\npolicyset.raCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.raCertSet.1.default.name=Subject Name Default\npolicyset.raCertSet.1.default.params.name=\npolicyset.raCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.raCertSet.2.constraint.name=Validity Constraint\npolicyset.raCertSet.2.constraint.params.range=720\npolicyset.raCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.raCertSet.2.constraint.params.notAfterCheck=false\npolicyset.raCertSet.2.default.class_id=validityDefaultImpl\npolicyset.raCertSet.2.default.name=Validity Default\npolicyset.raCertSet.2.default.params.range=720\npolicyset.raCertSet.2.default.params.startTime=0\npolicyset.raCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.raCertSet.3.constraint.name=Key Constraint\npolicyset.raCertSet.3.constraint.params.keyType=RSA\npolicyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.raCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.raCertSet.3.default.name=Key Default\npolicyset.raCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.4.constraint.name=No Constraint\npolicyset.raCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.raCertSet.4.default.name=Authority Key Identifier Default\npolicyset.raCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.5.constraint.name=No Constraint\npolicyset.raCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.raCertSet.5.default.name=AIA Extension Default\npolicyset.raCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.raCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.raCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.raCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.raCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.raCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.raCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.raCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.raCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.raCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.raCertSet.6.default.name=Key Usage Default\npolicyset.raCertSet.6.default.params.keyUsageCritical=true\npolicyset.raCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.7.constraint.name=No Constraint\npolicyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.raCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.raCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.raCertSet.8.constraint.name=No Constraint\npolicyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.raCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.raCertSet.8.default.name=Signing Alg\npolicyset.raCertSet.8.default.params.signingAlg=-\nprofileId=caRACert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 409
- 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:55Z DEBUG Error migrating 'caRACert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRACert?action=enable
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:55Z DEBUG response status 204
- 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=8CBE95B91C98750C369C6F217F13AA64; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:55Z DEBUG response body ''
- 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:55Z DEBUG request body ''
- 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D7C389F46EEB67CA4497D074344327B8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling OCSP Manager certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caOCSPCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caOCSPCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caOCSPCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=72E69BB693CD23FB84BECE71C02B6382; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D5901AF0D3D8D8A65CFD291FA19FA384; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager storage certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class.id=\nname=Manual Data Recovery Manager Storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=RSA\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caStorageCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caStorageCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caStorageCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=0D8919ACD16EFBB3D22B4ADA9C090F08; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=77F2BEF46C29548CA1D77AA08065CFEB; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager transport certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=RSA\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caTransportCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caTransportCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTransportCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=66F10A2A23194FAC231BEBAD398333DA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=3E4222E03E7F02E961745F462130DBE2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-pin-based authentication.\nvisible=true\nenable=false\nenableBy=admin\nname=Directory-Pin-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=PinDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirPinUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caDirPinUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirPinUserCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=B4630202ADFB2EAE8B190C30A8C2821C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9C7A84C18AED26B441E0606D19183CD0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caDirUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirUserCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=4DB58D7422000FDE7247C1E996EA7012; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4D57DCACCF60FC91EE60E14043EC7B40; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use ECC Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECDirUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caECDirUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECDirUserCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=1ECE2A33B9192764F86287850C43055B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=2B561B9132160098054494DC99D15A3C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentServerCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caAgentServerCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAgentServerCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=CE3DF2DEA7CF52AB69EBD7F162AC27FD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9CD681DA6A0FCFCC1F8DB4094ECFA9B9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for getting file signing certificate with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated File Signing\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=fileSigningInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=pkcs7OutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name$(Text)$request.file_signing_text$(Size)$request.file_signing_size$(DigestType)$request.file_signing_digest_type$(Digest)$request.file_signing_digest$\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentFileSigning\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caAgentFileSigning': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAgentFileSigning?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=2D7D3FE8C58A3A3549F2193A93AD081D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=AF482EB5E6832413CCCFECBE97A2AD9D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Signed CMC-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caCMCUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caCMCUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCMCUserCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=3B88E13CD74865938C20B0E3E9A76830; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1C8104F02E73AD311EDA8A0A8105D796; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Signed CMC-Authenticated User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caFullCMCUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caFullCMCUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caFullCMCUserCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=6FD84914A9C240372D4C712BBCB7612B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CF7E6E4E53FB8AFEF7983D37C3F1B9B6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Simple CMC Enrollment Request for User Certificate\nvisible=false\nauth.instance_id=\ninput.list=i1\ninput.i1.class_id=certReqInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caSimpleCMCUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caSimpleCMCUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSimpleCMCUserCert?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=2BE472BB444277B32F8D6EA35B4A2C66; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=FDC5F023E7559B3381BC375561A7F3A8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Token Device Key Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 409
- 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:56Z DEBUG Error migrating 'caTokenDeviceKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenDeviceKeyEnrollment?action=enable
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 500
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 204
- 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=9B06D2FCFA60AECF08D6ABC2CEF78018; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body ''
- 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:56Z DEBUG request body ''
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:56Z DEBUG response status 200
- 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9437F8FA146FEF5CFD475641827E2AE6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:56Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caTokenUserEncryptionKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserEncryptionKeyEnrollment?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=DFE9079E7F5FD62A94071476230CA852; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F98D279C285CD70D28E715CD7399B8F8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caTokenUserSigningKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserSigningKeyEnrollment?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=3DC19B40923D5438BAF4727C52684832; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=883F6A8FAC216E5F9248B0E2C2E242DE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Temporary Device Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTempTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caTempTokenDeviceKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTempTokenDeviceKeyEnrollment?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=C8AF81894DBD5B3F48B5EC13FC05C23F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E2A5AFDAD0966FDAB7896AAB4B1C72F4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Temporary Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caTempTokenUserEncryptionKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTempTokenUserEncryptionKeyEnrollment?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=D449ADF4D5669ABDAC708B467929C066; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=5D2ACF73880B53880AA3ED5AEF87086B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Temporary Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caTempTokenUserSigningKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTempTokenUserSigningKeyEnrollment?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=4E4F1A376ABCA848816DECD8DDA946E3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=70EB3239CE3341AB55AA6216A1C27A14; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain administrator\'s certificates with LDAP authentication against the internal LDAP database.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=-\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=caAdminCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caAdminCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAdminCert?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=DC86AE42F7996F325C549F8A880EFC7D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=B1F6A17F89680118863AE4B614ECC6D3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain server certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\n# allows SAN to be specified from client side\n# need to:\n# 1. add i3 to input.list above\n# 2. add 9 to policyset.serverCertSet.list above\n# 3. change below to reflect the number of general names, and\n# turn each corresponding subjAltExtPattern_<num> to true\n# policyset.serverCertSet.9.default.params.subjAltNameNumGNs\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$\npolicyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$\npolicyset.serverCertSet.9.default.params.subjAltExtType_2=DNSName\npolicyset.serverCertSet.9.default.params.subjAltNameExtCritical=false\npolicyset.serverCertSet.9.default.params.subjAltNameNumGNs=1\nprofileId=caInternalAuthServerCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthServerCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthServerCert?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=61DBF58D7CDCFEADF13A3702717B4394; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=C6818A844D8CFB9998CAD332D8D12174; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=-\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthTransportCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthTransportCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthTransportCert?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=4DA27EEE6330057DD3713E9376672FD9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4BC1E6A8C91A070E772016ED416D5016; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain DRM storage certificates\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain DRM storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=-\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthDRMstorageCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthDRMstorageCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthDRMstorageCert?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=AB136A40B274663299A1CB9D25977FFA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=68D933C7C8EDB1C07C15243E7E408CE0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain subsystem certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nupdater.list=u1\nupdater.u1.class_id=subsystemGroupUpdaterImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthSubsystemCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthSubsystemCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthSubsystemCert?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=CF15E6D47184538AF19B6D586ACD1893; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=6CF87AF0A1C18DF0372050476C72C77D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain OCSP Manager certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthOCSPCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthOCSPCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthOCSPCert?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=D1266F02201DEBDDBF314C30BE773E8A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9FE1EDC77F728F102276CD1993A6FC92; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling audit signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Audit Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=auditSigningCertSet\npolicyset.auditSigningCertSet.list=1,2,3,4,5,6,9\npolicyset.auditSigningCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.auditSigningCertSet.1.constraint.name=Subject Name Constraint\npolicyset.auditSigningCertSet.1.constraint.params.pattern=CN=.*\npolicyset.auditSigningCertSet.1.constraint.params.accept=true\npolicyset.auditSigningCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.auditSigningCertSet.1.default.name=Subject Name Default\npolicyset.auditSigningCertSet.1.default.params.name=\npolicyset.auditSigningCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.auditSigningCertSet.2.constraint.name=Validity Constraint\npolicyset.auditSigningCertSet.2.constraint.params.range=720\npolicyset.auditSigningCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.auditSigningCertSet.2.constraint.params.notAfterCheck=false\npolicyset.auditSigningCertSet.2.default.class_id=validityDefaultImpl\npolicyset.auditSigningCertSet.2.default.name=Validity Default\npolicyset.auditSigningCertSet.2.default.params.range=720\npolicyset.auditSigningCertSet.2.default.params.startTime=0\npolicyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.auditSigningCertSet.3.constraint.name=Key Constraint\npolicyset.auditSigningCertSet.3.constraint.params.keyType=-\npolicyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.auditSigningCertSet.3.default.name=Key Default\npolicyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.4.constraint.name=No Constraint\npolicyset.auditSigningCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.auditSigningCertSet.4.default.name=Authority Key Identifier Default\npolicyset.auditSigningCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.5.constraint.name=No Constraint\npolicyset.auditSigningCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.auditSigningCertSet.5.default.name=AIA Extension Default\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.auditSigningCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.auditSigningCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.auditSigningCertSet.6.default.name=Key Usage Default\npolicyset.auditSigningCertSet.6.default.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.auditSigningCertSet.9.constraint.name=No Constraint\npolicyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.auditSigningCertSet.9.default.name=Signing Alg\npolicyset.auditSigningCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthAuditSigningCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthAuditSigningCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthAuditSigningCert?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=B6952DBB1B81786382651460280E74C6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1AB851486467D4B420A95EC67A31D771; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body "desc=This profile is for enrolling Domain Controller Certificate\nenable=true\nenableBy=admin\nname=Domain Controller\nvisible=true\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=genericInputImpl\ninput.i3.params.gi_display_name0=ccm\ninput.i3.params.gi_param_enable0=true\ninput.i3.params.gi_param_name0=ccm\ninput.i3.params.gi_display_name1=GUID\ninput.i3.params.gi_param_enable1=true\ninput.i3.params.gi_param_name1=GUID\ninput.i3.params.gi_num=2\noutput.list=o1,o2\noutput.o1.class_id=certOutputImpl\noutput.o2.class_id=pkcs7OutputImpl\npolicyset.list=set1\npolicyset.set1.list=p2,p4,p5,subj,p6,p8,p9,p12,eku,gen,crldp\npolicyset.set1.subj.constraint.class_id=noConstraintImpl\npolicyset.set1.subj.constraint.name=No Constraint\npolicyset.set1.subj.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.subj.default.name=nsTokenUserKeySubjectNameDefault\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\n#policyset.set1.subj.default.params.dnpattern=CN=GEMSTAR,OU=Domain Controllers,DC=test,dc=local\npolicyset.set1.subj.default.params.dnpattern=CN=$request.ccm$\npolicyset.set1.subj.default.params.ldap.enable=false\npolicyset.set1.subj.default.params.ldap.searchName=uid\npolicyset.set1.subj.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.subj.default.params.ldap.basedn=\npolicyset.set1.subj.default.params.ldap.maxConns=4\npolicyset.set1.subj.default.params.ldap.minConns=1\npolicyset.set1.subj.default.params.ldap.ldapconn.Version=2\npolicyset.set1.subj.default.params.ldap.ldapconn.host=\npolicyset.set1.subj.default.params.ldap.ldapconn.port=\npolicyset.set1.subj.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.ccm$\npolicyset.set1.p6.default.params.subjAltExtType_0=DNSName\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(Any)1.3.6.1.4.1.311.25.1,0410$request.GUID$\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.5.constraint.class_id=noConstraintImpl\npolicyset.set1.5.constraint.name=No Constraint\npolicyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.5.default.name=AIA Extension Default\npolicyset.set1.5.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2\npolicyset.set1.5.default.params.authInfoAccessCritical=false\npolicyset.set1.5.default.params.authInfoAccessNumADs=1\npolicyset.set1.eku.constraint.class_id=noConstraintImpl\npolicyset.set1.eku.constraint.name=No Constraint\npolicyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.eku.default.name=Extended Key Usage Extension Default\npolicyset.set1.eku.default.params.exKeyUsageCritical=false\npolicyset.set1.eku.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.crldp.constraint.class_id=noConstraintImpl\npolicyset.set1.crldp.constraint.name=No Constraint\npolicyset.set1.crldp.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.params.crlDistPointsCritical=false\npolicyset.set1.crldp.default.params.crlDistPointsNum=1\npolicyset.set1.crldp.default.params.crlDistPointsEnable_0=true\npolicyset.set1.crldp.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.crldp.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.crldp.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.crldp.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.crldp.default.params.crlDistPointsReasons_0=\npolicyset.set1.gen.constraint.class_id=noConstraintImpl\npolicyset.set1.gen.constraint.name=No Constraint\npolicyset.set1.gen.default.class_id=genericExtDefaultImpl\npolicyset.set1.gen.default.name=Generic Extension\n#This is the Microsoft 'Certificate Template Name' Extensions. The Value is 'DomainController'\npolicyset.set1.gen.default.params.genericExtOID=1.3.6.1.4.1.311.20.2\npolicyset.set1.gen.default.params.genericExtData=1e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072\nprofileId=DomainController\nclassId=caEnrollImpl\n"
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 409
- 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:57Z DEBUG Error migrating 'DomainController': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/DomainController?action=enable
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 500
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 204
- 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=9115C88734285FED43DC577E5C94866F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body ''
- 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:57Z DEBUG request body ''
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:57Z DEBUG response status 200
- 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=538CC0A24F42BA7179625E6FDF3CCED8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=.*UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDualRAuserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caDualRAuserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDualRAuserCert?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=182992E1B3FA6269DE751801FAC2F628; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=A076DE38FC7E1F02BC3109F943C43594; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling RA agent user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Agent User Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caRAagentCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caRAagentCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRAagentCert?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=08322014CC4176ABA64146550FB4F067; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9995B637CC2EE2F819DC46C074683C47; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRAserverCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caRAserverCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRAserverCert?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=0E85CCE265B4D1FA73450A6433A83E9B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=80F3BDB39D80DF60C7BDF8C735C3B189; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling device certificates to contain UUID in the Subject Alternative Name extension\nvisible=true\nenable=false\nenableBy=admin\nname=Manual device Dual-Use Certificate Enrollment to contain UUID in SAN\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltExtType_1=OtherName\npolicyset.userCertSet.8.default.params.subjAltExtPattern_1=(IA5String)1.2.3.4,$server.source$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_1=true\npolicyset.userCertSet.8.default.params.subjAltExtSource_1=UUID4\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=2\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUUIDdeviceCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caUUIDdeviceCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUUIDdeviceCert?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=68B1B09B612394C6107E00480B53D4AC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=2987DD780FCBE8C7E5B227BFF4697CE2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing SSL client certificates.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=SSLclientCertAuth\nname=Renewal: Self-renew user SSL client certificates\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caSSLClientSelfRenewal\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caSSLClientSelfRenewal': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSSLClientSelfRenewal?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=644F322201634A664A80761E02D7669B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=035500ACDB2FB969E354CFEC53E93CC9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing a certificate by serial number by using directory based authentication.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=UserDirEnrollment\nauthz.acl=user_origreq="auth_token.uid"\nname=Renewal: Directory-Authenticated User Certificate Self-Renew profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caDirUserRenewal\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caDirUserRenewal': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirUserRenewal?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=1B12804ABC70F481C514CF1387AA8FA3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4F7288B249DA22712C7AA09F597E9254; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing certificates to be approved manually by agents.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=\nname=Renewal: Renew certificate to be manually approved by agents\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caManualRenewal\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caManualRenewal': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caManualRenewal?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=EB6528EE7A03D0B6072753172501AC8E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F45F58013B24DE6D8EB8CFC1A0C6F90F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This profile is for enrolling MS Login Certificate\nenable=true\nenableBy=admin\nname=Token User MS Login Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12,p13,p14,p15\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=CN=uid=$request.uid$,E=$request.mail$, ou=$request.upn$, o=example\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=true\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail,givenName,sn,upn\npolicyset.set1.p1.default.params.ldap.basedn=ou=People,dc=example,dc=com\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=localhost.localdomain\npolicyset.set1.p1.default.params.ldap.ldapconn.port=389\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.upn$\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=true\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9443/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9443/ca/ocsp\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p15.constraint.class_id=noConstraintImpl\npolicyset.set1.p15.constraint.name=No Constraint\npolicyset.set1.p15.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.p15.default.name=Extended Key Usage Extension Default\npolicyset.set1.p15.default.params.exKeyUsageCritical=false\npolicyset.set1.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2\n\nprofileId=caTokenMSLoginEnrollment\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caTokenMSLoginEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenMSLoginEnrollment?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=123159B1C1402A26A271E7AD8E287376; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=810876DC01E828CABD741C1E0F2B7221; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing a token certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token signing cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserSigningKeyRenewal\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caTokenUserSigningKeyRenewal': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserSigningKeyRenewal?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=64581118A37C9476B43760D4D2AA98E2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4FDFE3C95CFC914259D03AE213603590; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing a token encryption certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token encryption cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserEncryptionKeyRenewal\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caTokenUserEncryptionKeyRenewal': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserEncryptionKeyRenewal?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=052341DBAB8371C74BD9FD0B28BE47CE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F7396C8C1E32B52E7F5D22B5AB635E30; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing a token authentication certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token authentication cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserAuthKeyRenewal\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caTokenUserAuthKeyRenewal': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserAuthKeyRenewal?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=EDA97407BE5E4DC72CEE5218C0AE8ED9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=DD2CDD4AEB417073407922FB2676CF83; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This is an IPA profile for enrolling Jar Signing certificates.\nenable=true\nenableBy=admin\nname=Manual Jar Signing Certificate Enrollment\nvisible=false\nauth.class_id=\nauth.instance_id=raCertAuth\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caJarSigningSet\npolicyset.caJarSigningSet.list=1,2,3,4,5,6\npolicyset.caJarSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caJarSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caJarSigningSet.1.constraint.params.accept=true\npolicyset.caJarSigningSet.1.constraint.params.pattern=.*\npolicyset.caJarSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caJarSigningSet.1.default.name=Subject Name Default\npolicyset.caJarSigningSet.1.default.params.name=\npolicyset.caJarSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caJarSigningSet.2.constraint.name=Validity Constraint\npolicyset.caJarSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caJarSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caJarSigningSet.2.constraint.params.range=2922\npolicyset.caJarSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caJarSigningSet.2.default.name=Validity Default\npolicyset.caJarSigningSet.2.default.params.range=1461\npolicyset.caJarSigningSet.2.default.params.startTime=0\npolicyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caJarSigningSet.3.constraint.name=Key Constraint\npolicyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caJarSigningSet.3.constraint.params.keyType=RSA\npolicyset.caJarSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caJarSigningSet.3.default.name=Key Default\npolicyset.caJarSigningSet.4.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caJarSigningSet.4.constraint.name=Key Usage Extension Constraint\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCritical=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCrlSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDataEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDecipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDigitalSignature=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageEncipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyAgreement=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyCertSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageNonRepudiation=-\npolicyset.caJarSigningSet.4.default.class_id=keyUsageExtDefaultImpl\npolicyset.caJarSigningSet.4.default.name=Key Usage Default\npolicyset.caJarSigningSet.4.default.params.keyUsageCritical=true\npolicyset.caJarSigningSet.4.default.params.keyUsageCrlSign=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDataEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDecipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDigitalSignature=true\npolicyset.caJarSigningSet.4.default.params.keyUsageEncipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyAgreement=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyCertSign=true\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageNonRepudiation=false\npolicyset.caJarSigningSet.5.constraint.class_id=nsCertTypeExtConstraintImpl\npolicyset.caJarSigningSet.5.constraint.name=Netscape Certificate Type Extension Constraint\npolicyset.caJarSigningSet.5.constraint.params.nsCertCritical=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmail=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmailCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigning=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigningCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLClient=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLServer=-\npolicyset.caJarSigningSet.5.default.class_id=nsCertTypeExtDefaultImpl\npolicyset.caJarSigningSet.5.default.name=Netscape Certificate Type Extension Default\npolicyset.caJarSigningSet.5.default.params.nsCertCritical=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmail=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmailCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigning=true\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigningCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLClient=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLServer=false\npolicyset.caJarSigningSet.6.constraint.class_id=signingAlgConstraintImpl\npolicyset.caJarSigningSet.6.constraint.name=No Constraint\npolicyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caJarSigningSet.6.default.class_id=signingAlgDefaultImpl\npolicyset.caJarSigningSet.6.default.name=Signing Alg\npolicyset.caJarSigningSet.6.default.params.signingAlg=-\nprofileId=caJarSigningCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caJarSigningCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caJarSigningCert?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=AAFE444092F7EF7B6BCBA6C94AE0A135; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=C6584322B79C49320D19BA2DA8048429; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA \npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=https://ipa.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\nprofileId=caIPAserviceCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caIPAserviceCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=823425594F298491516A43D868F91CAD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=A800AD8A3E6BCAF3DB46976CB5F652C2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling user encryption certificates with option to archive keys.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\n\nprofileId=caEncUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 409
- 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:58Z DEBUG Error migrating 'caEncUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caEncUserCert?action=enable
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 500
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 204
- 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=EB127D2F4F73A04EB78FF42ED07D4B78; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body ''
- 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:58Z DEBUG request body ''
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:58Z DEBUG response status 200
- 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1E9C5604D5DC4FFCF4BE233C121EC17B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling user signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=signingCertSet\npolicyset.signingCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=CN=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.5.constraint.name=No Constraint\npolicyset.signingCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.signingCertSet.5.default.name=AIA Extension Default\npolicyset.signingCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.signingCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.signingCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.signingCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.signingCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.constraint.name=No Constraint\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\n\nprofileId=caSigningUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 409
- 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:59Z DEBUG Error migrating 'caSigningUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSigningUserCert?action=enable
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 500
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 204
- 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=BB89A7FE3CEE2F81EB68687D46E1D368; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body ''
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 200
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=FC3ACF10F594F86A0C6AEA06D44F0AA2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:59Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC signing certificates. It works only with the latest Firefox.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=signingCertSet\npolicyset.signingCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=CN=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.5.constraint.name=No Constraint\npolicyset.signingCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.signingCertSet.5.default.name=AIA Extension Default\npolicyset.signingCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.signingCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.signingCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.signingCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.signingCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.constraint.name=No Constraint\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\n\nprofileId=caSigningECUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 409
- 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:59Z DEBUG Error migrating 'caSigningECUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSigningECUserCert?action=enable
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 500
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 204
- 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=4257C5D5391D0227A699E737F0D523ED; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body ''
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 200
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7C25D447552066DE32A631C340A6E2A6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:59Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC encryption certificates. It works only with latest Firefox.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1\ninput.i1.class_id=encKeyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\nprofileId=caEncECUserCert\nclassId=caEnrollImpl\n'
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 409
- 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:59Z DEBUG Error migrating 'caEncECUserCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caEncECUserCert?action=enable
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 500
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 204
- 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=EA35DCC523C01764F8D62E11D499A02D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body ''
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 200
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=5E5DBE138D6E4A3CED0DD7F3E48754DD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:59Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Authentication key\nenable=true\nenableBy=admin\nname=Token User Delegate Authentication Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.name=\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateAuthKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 409
- 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:59Z DEBUG Error migrating 'caTokenUserDelegateAuthKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserDelegateAuthKeyEnrollment?action=enable
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 500
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 204
- 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=C1916DFA4FC116820634D4E5C602FF95; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body ''
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 200
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=FEA91CD2AE13E69C171FB9D197219DBB; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:59Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Signing key\nenable=true\nenableBy=admin\nname=Token User Delegate Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 409
- 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:59Z DEBUG Error migrating 'caTokenUserDelegateSigningKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserDelegateSigningKeyEnrollment?action=enable
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 500
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'text/html;charset=utf-8'}
- 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
- 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 204
- 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=4CA5D5654D25030CFA8BA994A4E39630; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body ''
- 2017-05-11T02:30:59Z DEBUG duration: 6 seconds
- 2017-05-11T02:30:59Z DEBUG [28/31]: importing IPA certificate profiles
- 2017-05-11T02:30:59Z DEBUG Created connection context.ldap2_83905744
- 2017-05-11T02:30:59Z DEBUG Created connection context.ldap2_85558352
- 2017-05-11T02:30:59Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:30:59Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x753ee18>
- 2017-05-11T02:30:59Z DEBUG Destroyed connection context.ldap2_85558352
- 2017-05-11T02:30:59Z DEBUG Created connection context.ldap2_85557968
- 2017-05-11T02:30:59Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:30:59Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x747a248>
- 2017-05-11T02:30:59Z DEBUG Destroyed connection context.ldap2_85557968
- 2017-05-11T02:30:59Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:30:59Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7320128>
- 2017-05-11T02:30:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:30:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:30:59Z DEBUG Trying to find certificate subject base in sysupgrade
- 2017-05-11T02:30:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:30:59Z DEBUG Found certificate subject base in sysupgrade: O=RDLG.NET
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 200
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=21942F71E553053C62DEEABB57B52EDF; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:59Z DEBUG request body 'profileId=IECUserRoles\nclassId=caEnrollImpl\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\n'
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 201
- 2017-05-11T02:30:59Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-length': '7318', 'content-type': 'application/json', 'location': 'https://ipa.rdlg.net:8443/ca/rest/profiles/raw', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:59Z DEBUG response body '#Wed May 10 20:30:59 MDT 2017\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\n'
- 2017-05-11T02:30:59Z INFO Profile 'IECUserRoles' successfully migrated to LDAP
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/IECUserRoles?action=enable
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 204
- 2017-05-11T02:30:59Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:59Z DEBUG response body ''
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 204
- 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=00F7BF6530451CBFBCA82ED0AA9660E8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body ''
- 2017-05-11T02:30:59Z INFO Imported profile 'IECUserRoles'
- 2017-05-11T02:30:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:30:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:30:59Z DEBUG Trying to find certificate subject base in sysupgrade
- 2017-05-11T02:30:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:30:59Z DEBUG Found certificate subject base in sysupgrade: O=RDLG.NET
- 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 200
- 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=3A15D74952FE9E0184B4202C7FF0AB85; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
- 2017-05-11T02:30:59Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n'
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:30:59Z DEBUG response status 409
- 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
- 2017-05-11T02:30:59Z DEBUG Error migrating 'caIPAserviceCert': Non-2xx response from CA REST API: 409. Profile already exists
- 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert?action=disable
- 2017-05-11T02:30:59Z DEBUG request body ''
- 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:31:00Z DEBUG response status 204
- 2017-05-11T02:31:00Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:31:00Z DEBUG response body ''
- 2017-05-11T02:31:00Z DEBUG request PUT https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert/raw
- 2017-05-11T02:31:00Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n'
- 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:31:00Z DEBUG response status 200
- 2017-05-11T02:31:00Z DEBUG response headers {'content-length': '6993', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/json'}
- 2017-05-11T02:31:00Z DEBUG response body '#Wed May 10 20:31:00 MDT 2017\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\n'
- 2017-05-11T02:31:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert?action=enable
- 2017-05-11T02:31:00Z DEBUG request body ''
- 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:31:00Z DEBUG response status 204
- 2017-05-11T02:31:00Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:31:00Z DEBUG response body ''
- 2017-05-11T02:31:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:31:00Z DEBUG request body ''
- 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:31:00Z DEBUG response status 204
- 2017-05-11T02:31:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=612EA2986DFE7F674877A00983A19CDD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:31:00Z DEBUG response body ''
- 2017-05-11T02:31:00Z INFO Imported profile 'caIPAserviceCert'
- 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_83905744
- 2017-05-11T02:31:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:31:00Z DEBUG [29/31]: adding default CA ACL
- 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_50539920
- 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_83498192
- 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x517e908>
- 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_83498192
- 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_85558160
- 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x50d8d40>
- 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_85558160
- 2017-05-11T02:31:00Z DEBUG raw: caacl_find(None, version=u'2.213')
- 2017-05-11T02:31:00Z DEBUG caacl_find(None, all=False, raw=False, version=u'2.213', no_members=True, pkey_only=False)
- 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x22649e0>
- 2017-05-11T02:31:00Z DEBUG raw: caacl_add(u'hosts_services_caIPAserviceCert', hostcategory=u'all', servicecategory=u'all', version=u'2.213')
- 2017-05-11T02:31:00Z DEBUG caacl_add(u'hosts_services_caIPAserviceCert', hostcategory=u'all', servicecategory=u'all', all=False, raw=False, version=u'2.213', no_members=False)
- 2017-05-11T02:31:00Z DEBUG raw: caacl_add_profile(u'hosts_services_caIPAserviceCert', version=u'2.213', certprofile=(u'caIPAserviceCert',))
- 2017-05-11T02:31:00Z DEBUG caacl_add_profile(u'hosts_services_caIPAserviceCert', all=False, raw=False, version=u'2.213', no_members=False, certprofile=(u'caIPAserviceCert',))
- 2017-05-11T02:31:00Z DEBUG add_entry_to_group: dn=cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=rdlg,dc=net group_dn=ipaUniqueID=df34f9fa-35f1-11e7-9f69-0050568f60a6,cn=caacls,cn=ca,dc=rdlg,dc=net member_attr=ipamembercertprofile
- 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_50539920
- 2017-05-11T02:31:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:31:00Z DEBUG [30/31]: adding 'ipa' CA entry
- 2017-05-11T02:31:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
- 2017-05-11T02:31:00Z DEBUG request body ''
- 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:31:00Z DEBUG response status 200
- 2017-05-11T02:31:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=BE20BBD3EB6FF30E91831E0F9127762A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:31:00 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:31:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
- 2017-05-11T02:31:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/authorities/host-authority
- 2017-05-11T02:31:00Z DEBUG request body ''
- 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:31:00Z DEBUG response status 200
- 2017-05-11T02:31:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:31:00 GMT', 'content-type': 'application/json'}
- 2017-05-11T02:31:00Z DEBUG response body '{"isHostAuthority":true,"id":"c170e458-b0c1-4298-8017-1b001e1d4d39","parentID":null,"issuerDN":"CN=Certificate Authority,O=RDLG.NET","serial":1,"dn":"CN=Certificate Authority,O=RDLG.NET","enabled":true,"description":"Host authority","ready":true,"link":null}'
- 2017-05-11T02:31:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
- 2017-05-11T02:31:00Z DEBUG request body ''
- 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:31:00Z DEBUG response status 204
- 2017-05-11T02:31:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=3AEAE1DF36604D792C5B6B4A3E65640E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:31:00 GMT', 'content-type': 'application/xml'}
- 2017-05-11T02:31:00Z DEBUG response body ''
- 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_50539920
- 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_122102480
- 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7491050>
- 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_122102480
- 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_83382864
- 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f9bd88>
- 2017-05-11T02:31:01Z DEBUG Destroyed connection context.ldap2_83382864
- 2017-05-11T02:31:01Z DEBUG Destroyed connection context.ldap2_50539920
- 2017-05-11T02:31:01Z DEBUG duration: 0 seconds
- 2017-05-11T02:31:01Z DEBUG [31/31]: updating IPA configuration
- 2017-05-11T02:31:01Z DEBUG duration: 0 seconds
- 2017-05-11T02:31:01Z DEBUG Done configuring certificate server (pki-tomcatd).
- 2017-05-11T02:31:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:31:01Z DEBUG Starting external process
- 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -L -n RDLG.NET IPA CA -a
- 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:01Z DEBUG stdout=-----BEGIN CERTIFICATE-----
- MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
- Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
- Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
- BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
- ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
- LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
- 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
- mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
- a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
- eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
- gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
- /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
- AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
- c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
- 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
- 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
- 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
- uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
- /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
- -----END CERTIFICATE-----
- 2017-05-11T02:31:01Z DEBUG stderr=
- 2017-05-11T02:31:01Z DEBUG Configuring directory server (dirsrv). Estimated time: 10 seconds
- 2017-05-11T02:31:01Z DEBUG [1/3]: configuring ssl for ds instance
- 2017-05-11T02:31:01Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:31:01Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:31:01Z DEBUG Starting external process
- 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -O -n ipaCert
- 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:01Z DEBUG stdout="RDLG.NET IPA CA" [CN=Certificate Authority,O=RDLG.NET]
- "ipaCert" [CN=IPA RA,O=RDLG.NET]
- 2017-05-11T02:31:01Z DEBUG stderr=
- 2017-05-11T02:31:01Z DEBUG Starting external process
- 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n RDLG.NET IPA CA -a
- 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:01Z DEBUG stdout=-----BEGIN CERTIFICATE-----
- MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
- Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
- Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
- BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
- ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
- LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
- 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
- mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
- a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
- eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
- gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
- /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
- AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
- c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
- 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
- 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
- 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
- uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
- /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
- -----END CERTIFICATE-----
- 2017-05-11T02:31:01Z DEBUG stderr=
- 2017-05-11T02:31:01Z DEBUG Starting external process
- 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L -n RDLG.NET IPA CA -a
- 2017-05-11T02:31:01Z DEBUG Process finished, return code=255
- 2017-05-11T02:31:01Z DEBUG stdout=
- 2017-05-11T02:31:01Z DEBUG stderr=certutil: Could not find cert: RDLG.NET IPA CA
- : PR_FILE_NOT_FOUND_ERROR: File not found
- 2017-05-11T02:31:01Z DEBUG Starting external process
- 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -N -f /etc/dirsrv/slapd-RDLG-NET//pwdfile.txt
- 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:01Z DEBUG stdout=
- 2017-05-11T02:31:01Z DEBUG stderr=
- 2017-05-11T02:31:01Z DEBUG Starting external process
- 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -A -n RDLG.NET IPA CA -t CT,C,C -a
- 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:01Z DEBUG stdout=
- 2017-05-11T02:31:01Z DEBUG stderr=
- 2017-05-11T02:31:01Z DEBUG Starting external process
- 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -R -s CN=ipa.rdlg.net,O=RDLG.NET -o /var/lib/ipa/ipa-93vgs6/tmpcertreq -k rsa -g 2048 -z /etc/dirsrv/slapd-RDLG-NET//noise.txt -f /etc/dirsrv/slapd-RDLG-NET//pwdfile.txt -a
- 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:01Z DEBUG stdout=
- 2017-05-11T02:31:01Z DEBUG stderr=
- Generating key. This may take a few moments...
- 2017-05-11T02:31:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/ee/ca/profileSubmitSSLClient
- 2017-05-11T02:31:01Z DEBUG request body 'profileId=caIPAserviceCert&requestor_name=IPA+Installer&cert_request=MIICbzCCAVcCAQAwKjERMA8GA1UEChMIUkRMRy5ORVQxFTATBgNVBAMTDGlwYS5y%0D%0AZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMgwaRm6Trb1%0D%0AlL%2B%2FFTUZjc20H%2BUWTjOnUsmuJkuALMdRkRnnJF2IsArm7nxxZavUvSRYw1i0ACcu%0D%0AkICy32Eb3q2lG3xFXzt9ZO%2F%2F5FTYSnR04DsM3uUPaVL9FiDtZDwnPsgPUKIuFXKb%0D%0Ac32bGmjAra3JP7TrzkowRZ8ZewXwRLcmmoT2tNvERrTndvFmnnxhXs5CNCvx308H%0D%0AyyYvRcgH14uAGnn8KdhidCDu0eyzpy3kDweyPfDW7aTqQbuoBvSftvVz9g0IxbOX%0D%0A%2BN8hbIjGN82i%2FryQoPeIvHShYAxVQ8Z%2BbPjCz%2Bz5j0l46m0pybH%2BMxMQEP%2BY456c%0D%0ARSfMHCPLkQ0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAJcP2zhNBx3EkMJv5K%0D%0Ac62goqGHKrS4r8CU%2F%2Fv8%2Fn2JS0m6F%2FvUa%2FV3WC0ymu0xcZZlDSDqa3t1xuV8wcrm%0D%0AUZrpP0J3sRl%2FyrFBWzxgqsX07wm%2BgHFFE%2BusVyWLNVABiEz1OsX6qYNPDIfwh%2FmR%0D%0A77Ngj49UKb3%2BbD%2FP%2BD3v4hjqrjxRYBpXQ%2BTtlNkYvJn%2Fc0ONjEIQHv2eD8exPaiR%0D%0A5Hx%2FA0WMViCnBRml6vCluCCs1ZDPQTu6%2B4TWZXAivUg8GkO2yRQSFKDxDtPioT9X%0D%0AfWFQuReF5ASMmhZSduO0DUt6glMXZxMI%2FnNCrhkQzKChvNsDnHu6VvA4LSYBVLL1%0D%0AX3tU%0A&cert_request_type=pkcs10&xmlOutput=true'
- 2017-05-11T02:31:01Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:31:01Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:31:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:31:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:31:01Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:31:01Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:31:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:31:01Z DEBUG response status 200
- 2017-05-11T02:31:01Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:31:01 GMT', 'content-length': '1599', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:31:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><Requests><Request><Id>8</Id><SubjectDN>CN=ipa.rdlg.net,O=RDLG.NET</SubjectDN><serialno>8</serialno><b64>MIID/jCCAuagAwIBAgIBCDANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExHLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAyMzEwMVoXDTE5MDUxMjAyMzEwMVowKjERMA8GA1UECgwIUkRMRy5ORVQxFTATBgNVBAMMDGlwYS5yZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMgwaRm6Trb1lL+/FTUZjc20H+UWTjOnUsmuJkuALMdRkRnnJF2IsArm7nxxZavUvSRYw1i0ACcukICy32Eb3q2lG3xFXzt9ZO//5FTYSnR04DsM3uUPaVL9FiDtZDwnPsgPUKIuFXKbc32bGmjAra3JP7TrzkowRZ8ZewXwRLcmmoT2tNvERrTndvFmnnxhXs5CNCvx308HyyYvRcgH14uAGnn8KdhidCDu0eyzpy3kDweyPfDW7aTqQbuoBvSftvVz9g0IxbOX+N8hbIjGN82i/ryQoPeIvHShYAxVQ8Z+bPjCz+z5j0l46m0pybH+MxMQEP+Y456cRSfMHCPLkQ0CAwEAAaOCASQwggEgMB8GA1UdIwQYMBaAFMoUcnP4TmDj4h+ZfLwirZhDNd7zMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL2lwYS1jYS5yZGxnLm5ldC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwcwYDVR0fBGwwajBooDCgLoYsaHR0cDovL2lwYS1jYS5yZGxnLm5ldC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFO/ai4muEu3NIASl9/6y7+pL4J0xMA0GCSqGSIb3DQEBCwUAA4IBAQBlEg6LWNp8RFPgumvrJ/KHK7AY+P6BJQ8Zyk+6jfUVc6zuIuNT70Ri/BhAWeiimyfCsuNZMPQQCqeHC/sG4gQb1ICiahL9TdFHVZE6UoFTq/DEuDtzFUldUGj5Aan9BrVH36Z5MGzN4r2Hzf0DzmO02wxPpl9Y073rnF0/H4GmgAkrFrBwwmITsF448My+Q9q8sr4hh8qMdNhyDOgxfCH+fLu613be/r3EYiHvrGtwPDz02jmRIkMfWniDGuZop4LAsqoLfcAJu5oA8TCAijaUDgcm7+SyKl/QQDju2xZDrTjJfqMlymURQrI/CHj3kU7O7zDue2DMZRioLzJW5wLc</b64></Request></Requests></XMLResponse>'
- 2017-05-11T02:31:01Z DEBUG Starting external process
- 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -A -n Server-Cert -t u,u,u -i /var/lib/ipa/ipa-93vgs6/tmpcert.der -f /etc/dirsrv/slapd-RDLG-NET//pwdfile.txt
- 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:01Z DEBUG stdout=
- 2017-05-11T02:31:01Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
- 2017-05-11T02:31:01Z DEBUG Starting external process
- 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L -n Server-Cert -a
- 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:01Z DEBUG stdout=-----BEGIN CERTIFICATE-----
- MIID/jCCAuagAwIBAgIBCDANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
- Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
- MzEwMVoXDTE5MDUxMjAyMzEwMVowKjERMA8GA1UECgwIUkRMRy5ORVQxFTATBgNV
- BAMMDGlwYS5yZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
- AMgwaRm6Trb1lL+/FTUZjc20H+UWTjOnUsmuJkuALMdRkRnnJF2IsArm7nxxZavU
- vSRYw1i0ACcukICy32Eb3q2lG3xFXzt9ZO//5FTYSnR04DsM3uUPaVL9FiDtZDwn
- PsgPUKIuFXKbc32bGmjAra3JP7TrzkowRZ8ZewXwRLcmmoT2tNvERrTndvFmnnxh
- Xs5CNCvx308HyyYvRcgH14uAGnn8KdhidCDu0eyzpy3kDweyPfDW7aTqQbuoBvSf
- tvVz9g0IxbOX+N8hbIjGN82i/ryQoPeIvHShYAxVQ8Z+bPjCz+z5j0l46m0pybH+
- MxMQEP+Y456cRSfMHCPLkQ0CAwEAAaOCASQwggEgMB8GA1UdIwQYMBaAFMoUcnP4
- TmDj4h+ZfLwirZhDNd7zMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0
- cDovL2lwYS1jYS5yZGxnLm5ldC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNV
- HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwcwYDVR0fBGwwajBooDCgLoYsaHR0
- cDovL2lwYS1jYS5yZGxnLm5ldC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAx
- DjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
- HQYDVR0OBBYEFO/ai4muEu3NIASl9/6y7+pL4J0xMA0GCSqGSIb3DQEBCwUAA4IB
- AQBlEg6LWNp8RFPgumvrJ/KHK7AY+P6BJQ8Zyk+6jfUVc6zuIuNT70Ri/BhAWeii
- myfCsuNZMPQQCqeHC/sG4gQb1ICiahL9TdFHVZE6UoFTq/DEuDtzFUldUGj5Aan9
- BrVH36Z5MGzN4r2Hzf0DzmO02wxPpl9Y073rnF0/H4GmgAkrFrBwwmITsF448My+
- Q9q8sr4hh8qMdNhyDOgxfCH+fLu613be/r3EYiHvrGtwPDz02jmRIkMfWniDGuZo
- p4LAsqoLfcAJu5oA8TCAijaUDgcm7+SyKl/QQDju2xZDrTjJfqMlymURQrI/CHj3
- kU7O7zDue2DMZRioLzJW5wLc
- -----END CERTIFICATE-----
- 2017-05-11T02:31:01Z DEBUG stderr=
- 2017-05-11T02:31:02Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
- 2017-05-11T02:31:02Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x5181878>
- 2017-05-11T02:31:02Z DEBUG duration: 1 seconds
- 2017-05-11T02:31:02Z DEBUG [2/3]: restarting directory server
- 2017-05-11T02:31:02Z DEBUG Starting external process
- 2017-05-11T02:31:02Z DEBUG args=/bin/systemctl --system daemon-reload
- 2017-05-11T02:31:02Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:02Z DEBUG stdout=
- 2017-05-11T02:31:02Z DEBUG stderr=
- 2017-05-11T02:31:02Z DEBUG Starting external process
- 2017-05-11T02:31:02Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=active
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG wait_for_open_ports: localhost [389] timeout 300
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=active
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG duration: 3 seconds
- 2017-05-11T02:31:05Z DEBUG [3/3]: adding CA certificate entry
- 2017-05-11T02:31:05Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=
- Certificate Nickname Trust Attributes
- SSL,S/MIME,JAR/XPI
- Server-Cert u,u,u
- RDLG.NET IPA CA CT,C,C
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -O -n RDLG.NET IPA CA
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout="RDLG.NET IPA CA" [CN=Certificate Authority,O=RDLG.NET]
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L -n RDLG.NET IPA CA -a
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=-----BEGIN CERTIFICATE-----
- MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
- Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
- Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
- BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
- ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
- LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
- 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
- mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
- a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
- eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
- gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
- /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
- AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
- c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
- 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
- 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
- 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
- uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
- /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
- -----END CERTIFICATE-----
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
- 2017-05-11T02:31:05Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7493248>
- 2017-05-11T02:31:05Z DEBUG duration: 0 seconds
- 2017-05-11T02:31:05Z DEBUG Done configuring directory server (dirsrv).
- 2017-05-11T02:31:05Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=keyctl get_persistent @s 0
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=639120935
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG Enabling persistent keyring CCACHE
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/bin/systemctl is-active krb5kdc.service
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=3
- 2017-05-11T02:31:05Z DEBUG stdout=unknown
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:31:05Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/bin/systemctl stop krb5kdc.service
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
- 2017-05-11T02:31:05Z DEBUG [1/9]: adding kerberos container to the directory
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpXt6UCm -H ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket -x -D cn=Directory Manager -y /tmp/tmpcFAcM2
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=add objectClass:
- krbContainer
- top
- add cn:
- kerberos
- adding new entry "cn=kerberos,dc=rdlg,dc=net"
- modify complete
- add cn:
- RDLG.NET
- add objectClass:
- top
- krbrealmcontainer
- krbticketpolicyaux
- add krbSubTrees:
- dc=rdlg,dc=net
- add krbSearchScope:
- 2
- add krbSupportedEncSaltTypes:
- aes256-cts:normal
- aes256-cts:special
- aes128-cts:normal
- aes128-cts:special
- des3-hmac-sha1:normal
- des3-hmac-sha1:special
- arcfour-hmac:normal
- arcfour-hmac:special
- camellia128-cts-cmac:normal
- camellia128-cts-cmac:special
- camellia256-cts-cmac:normal
- camellia256-cts-cmac:special
- add krbMaxTicketLife:
- 86400
- add krbMaxRenewableAge:
- 604800
- add krbDefaultEncSaltTypes:
- aes256-cts:special
- aes128-cts:special
- adding new entry "cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net"
- modify complete
- add objectClass:
- top
- nsContainer
- krbPwdPolicy
- add krbMinPwdLife:
- 3600
- add krbPwdMinDiffChars:
- 0
- add krbPwdMinLength:
- 8
- add krbPwdHistoryLength:
- 0
- add krbMaxPwdLife:
- 7776000
- add krbPwdMaxFailure:
- 6
- add krbPwdFailureCountInterval:
- 60
- add krbPwdLockoutDuration:
- 600
- adding new entry "cn=global_policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:31:05Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RDLG-NET.socket/??base )
- 2017-05-11T02:31:05Z DEBUG duration: 0 seconds
- 2017-05-11T02:31:05Z DEBUG [2/9]: configuring KDC
- 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf'
- 2017-05-11T02:31:05Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/etc/krb5.conf'
- 2017-05-11T02:31:05Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini'
- 2017-05-11T02:31:05Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist
- 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con'
- 2017-05-11T02:31:05Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist
- 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con'
- 2017-05-11T02:31:05Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=klist -V
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=Kerberos 5 version 1.14.1
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc'
- 2017-05-11T02:31:05Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/usr/sbin/selinuxenabled
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=/sbin/restorecon /etc/sysconfig/krb5kdc
- 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
- 2017-05-11T02:31:05Z DEBUG stdout=
- 2017-05-11T02:31:05Z DEBUG stderr=
- 2017-05-11T02:31:05Z DEBUG duration: 0 seconds
- 2017-05-11T02:31:05Z DEBUG [3/9]: initialize kerberos container
- 2017-05-11T02:31:05Z DEBUG WARNING: Your system is running out of entropy, you may experience long delays
- 2017-05-11T02:31:05Z DEBUG WARNING: Your system is running out of entropy, you may experience long delays
- 2017-05-11T02:31:05Z DEBUG Starting external process
- 2017-05-11T02:31:05Z DEBUG args=kdb5_util create -s -r RDLG.NET -x ipa-setup-override-restrictions
- 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:38Z DEBUG stdout=Loading random data
- Initializing database '/var/kerberos/krb5kdc/principal' for realm 'RDLG.NET',
- master key name 'K/M@RDLG.NET'
- You will be prompted for the database Master Password.
- It is important that you NOT FORGET this password.
- Enter KDC database master key:
- Re-enter KDC database master key to verify:
- 2017-05-11T02:35:38Z DEBUG stderr=
- 2017-05-11T02:35:38Z DEBUG duration: 272 seconds
- 2017-05-11T02:35:38Z DEBUG [4/9]: adding default ACIs
- 2017-05-11T02:35:38Z DEBUG Starting external process
- 2017-05-11T02:35:38Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpycj9Ve -H ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket -x -D cn=Directory Manager -y /tmp/tmpUDVrpn
- 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:38Z DEBUG stdout=add aci:
- (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)
- modifying entry "dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)
- (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)
- (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)
- modifying entry "dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
- modifying entry "cn=etc,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
- modifying entry "cn=ipa,cn=etc,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
- (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
- (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)
- (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)
- (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)
- (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)
- (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)
- (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
- (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)
- modifying entry "cn=accounts,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
- modifying entry "cn=services,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)
- modifying entry "cn=services,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)
- (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)
- modifying entry "cn=computers,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)
- (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)
- modifying entry "cn=computers,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
- modifying entry "cn=computers,cn=accounts,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)
- modifying entry "cn=accounts,dc=rdlg,dc=net"
- modify complete
- add aci:
- (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
- (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
- (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
- (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)
- (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)
- (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)
- modifying entry "dc=rdlg,dc=net"
- modify complete
- 2017-05-11T02:35:38Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RDLG-NET.socket/??base )
- 2017-05-11T02:35:38Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:38Z DEBUG [5/9]: creating a keytab for the directory
- 2017-05-11T02:35:38Z DEBUG Starting external process
- 2017-05-11T02:35:38Z DEBUG args=kadmin.local -q addprinc -randkey ldap/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
- 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:38Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
- Principal "ldap/ipa.rdlg.net@RDLG.NET" created.
- 2017-05-11T02:35:38Z DEBUG stderr=WARNING: no policy specified for ldap/ipa.rdlg.net@RDLG.NET; defaulting to no policy
- 2017-05-11T02:35:38Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:38Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7481d88>
- 2017-05-11T02:35:38Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab'
- 2017-05-11T02:35:38Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist
- 2017-05-11T02:35:38Z DEBUG Starting external process
- 2017-05-11T02:35:38Z DEBUG args=kadmin.local -q ktadd -k /etc/dirsrv/ds.keytab ldap/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
- 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:38Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
- Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab.
- Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab.
- Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/dirsrv/ds.keytab.
- Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/dirsrv/ds.keytab.
- Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab.
- Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab.
- 2017-05-11T02:35:38Z DEBUG stderr=
- 2017-05-11T02:35:38Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:38Z DEBUG [6/9]: creating a keytab for the machine
- 2017-05-11T02:35:38Z DEBUG Starting external process
- 2017-05-11T02:35:38Z DEBUG args=kadmin.local -q addprinc -randkey host/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
- 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:38Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
- Principal "host/ipa.rdlg.net@RDLG.NET" created.
- 2017-05-11T02:35:38Z DEBUG stderr=WARNING: no policy specified for host/ipa.rdlg.net@RDLG.NET; defaulting to no policy
- 2017-05-11T02:35:38Z DEBUG Backing up system configuration file '/etc/krb5.keytab'
- 2017-05-11T02:35:38Z DEBUG -> Not backing up - '/etc/krb5.keytab' doesn't exist
- 2017-05-11T02:35:38Z DEBUG Starting external process
- 2017-05-11T02:35:38Z DEBUG args=kadmin.local -q ktadd -k /etc/krb5.keytab host/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
- 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:38Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
- Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab.
- Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab.
- Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/krb5.keytab.
- Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/krb5.keytab.
- Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab.
- Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab.
- 2017-05-11T02:35:38Z DEBUG stderr=
- 2017-05-11T02:35:38Z DEBUG importing all plugin modules in ipaserver.plugins...
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.aci
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.automember
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.automount
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.baseldap
- 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.baseuser
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.batch
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.ca
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.caacl
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.cert
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.certprofile
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.config
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.delegation
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.dns
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.dnsserver
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.dogtag
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.domainlevel
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.group
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbac
- 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbacrule
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbactest
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.host
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hostgroup
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.idrange
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.idviews
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.internal
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.join
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.ldap2
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.location
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.migration
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.misc
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.netgroup
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.otp
- 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.otp is not a valid plugin module
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.otpconfig
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.otptoken
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.passwd
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.permission
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.ping
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.pkinit
- 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.privilege
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.rabase
- 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.realmdomains
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.role
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.schema
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.selfservice
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.server
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.serverrole
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.serverroles
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.service
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.session
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.stageuser
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.sudo
- 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.sudocmd
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.sudorule
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.topology
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.trust
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.user
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.vault
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.virtual
- 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.xmlserver
- 2017-05-11T02:35:38Z DEBUG importing all plugin modules in ipaserver.install.plugins...
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.dns
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_services
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
- 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
- 2017-05-11T02:35:40Z DEBUG Created connection context.ldap2_123162512
- 2017-05-11T02:35:40Z DEBUG Destroyed connection context.ldap2_123162512
- 2017-05-11T02:35:40Z DEBUG Created connection context.ldap2_123162512
- 2017-05-11T02:35:40Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update'
- 2017-05-11T02:35:40Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:40Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9893170>
- 2017-05-11T02:35:40Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
- 2017-05-11T02:35:40Z DEBUG ---------------------------------------------
- 2017-05-11T02:35:40Z DEBUG Initial value
- 2017-05-11T02:35:40Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
- 2017-05-11T02:35:40Z DEBUG objectClass:
- 2017-05-11T02:35:40Z DEBUG top
- 2017-05-11T02:35:40Z DEBUG groupOfNames
- 2017-05-11T02:35:40Z DEBUG nestedGroup
- 2017-05-11T02:35:40Z DEBUG ipaobject
- 2017-05-11T02:35:40Z DEBUG ipahostgroup
- 2017-05-11T02:35:40Z DEBUG cn:
- 2017-05-11T02:35:40Z DEBUG ipaservers
- 2017-05-11T02:35:40Z DEBUG ipaUniqueID:
- 2017-05-11T02:35:40Z DEBUG 97269128-35f1-11e7-bc0a-0050568f60a6
- 2017-05-11T02:35:40Z DEBUG description:
- 2017-05-11T02:35:40Z DEBUG IPA server hosts
- 2017-05-11T02:35:40Z DEBUG ---------------------------------------------
- 2017-05-11T02:35:40Z DEBUG Final value after applying updates
- 2017-05-11T02:35:40Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
- 2017-05-11T02:35:40Z DEBUG objectClass:
- 2017-05-11T02:35:40Z DEBUG top
- 2017-05-11T02:35:40Z DEBUG groupOfNames
- 2017-05-11T02:35:40Z DEBUG nestedGroup
- 2017-05-11T02:35:40Z DEBUG ipaobject
- 2017-05-11T02:35:40Z DEBUG ipahostgroup
- 2017-05-11T02:35:40Z DEBUG cn:
- 2017-05-11T02:35:40Z DEBUG ipaservers
- 2017-05-11T02:35:40Z DEBUG ipaUniqueID:
- 2017-05-11T02:35:40Z DEBUG 97269128-35f1-11e7-bc0a-0050568f60a6
- 2017-05-11T02:35:40Z DEBUG description:
- 2017-05-11T02:35:40Z DEBUG IPA server hosts
- 2017-05-11T02:35:40Z DEBUG []
- 2017-05-11T02:35:40Z DEBUG Updated 0
- 2017-05-11T02:35:40Z DEBUG Done
- 2017-05-11T02:35:40Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
- 2017-05-11T02:35:40Z DEBUG ---------------------------------------------
- 2017-05-11T02:35:40Z DEBUG Initial value
- 2017-05-11T02:35:40Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
- 2017-05-11T02:35:40Z DEBUG objectClass:
- 2017-05-11T02:35:40Z DEBUG top
- 2017-05-11T02:35:40Z DEBUG groupOfNames
- 2017-05-11T02:35:40Z DEBUG nestedGroup
- 2017-05-11T02:35:40Z DEBUG ipaobject
- 2017-05-11T02:35:40Z DEBUG ipahostgroup
- 2017-05-11T02:35:40Z DEBUG cn:
- 2017-05-11T02:35:40Z DEBUG ipaservers
- 2017-05-11T02:35:40Z DEBUG ipaUniqueID:
- 2017-05-11T02:35:40Z DEBUG 97269128-35f1-11e7-bc0a-0050568f60a6
- 2017-05-11T02:35:40Z DEBUG description:
- 2017-05-11T02:35:40Z DEBUG IPA server hosts
- 2017-05-11T02:35:40Z DEBUG add: 'fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net' to member, current value []
- 2017-05-11T02:35:40Z DEBUG add: updated value ['fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net']
- 2017-05-11T02:35:40Z DEBUG ---------------------------------------------
- 2017-05-11T02:35:40Z DEBUG Final value after applying updates
- 2017-05-11T02:35:40Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
- 2017-05-11T02:35:40Z DEBUG objectClass:
- 2017-05-11T02:35:40Z DEBUG top
- 2017-05-11T02:35:40Z DEBUG groupOfNames
- 2017-05-11T02:35:40Z DEBUG nestedGroup
- 2017-05-11T02:35:40Z DEBUG ipaobject
- 2017-05-11T02:35:40Z DEBUG ipahostgroup
- 2017-05-11T02:35:40Z DEBUG member:
- 2017-05-11T02:35:40Z DEBUG fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net
- 2017-05-11T02:35:40Z DEBUG cn:
- 2017-05-11T02:35:40Z DEBUG ipaservers
- 2017-05-11T02:35:40Z DEBUG ipaUniqueID:
- 2017-05-11T02:35:40Z DEBUG 97269128-35f1-11e7-bc0a-0050568f60a6
- 2017-05-11T02:35:40Z DEBUG description:
- 2017-05-11T02:35:40Z DEBUG IPA server hosts
- 2017-05-11T02:35:40Z DEBUG [(2, u'member', ['fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net'])]
- 2017-05-11T02:35:40Z DEBUG Updated 1
- 2017-05-11T02:35:40Z DEBUG Done
- 2017-05-11T02:35:40Z DEBUG Destroyed connection context.ldap2_123162512
- 2017-05-11T02:35:40Z DEBUG duration: 1 seconds
- 2017-05-11T02:35:40Z DEBUG [7/9]: adding the password extension to the directory
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp5TDLO1 -H ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket -x -D cn=Directory Manager -y /tmp/tmpFgblH6
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:40Z DEBUG stdout=add objectclass:
- top
- nsSlapdPlugin
- extensibleObject
- add cn:
- ipa_pwd_extop
- add nsslapd-pluginpath:
- libipa_pwd_extop
- add nsslapd-plugininitfunc:
- ipapwd_init
- add nsslapd-plugintype:
- extendedop
- add nsslapd-pluginbetxn:
- on
- add nsslapd-pluginenabled:
- on
- add nsslapd-pluginid:
- ipa_pwd_extop
- add nsslapd-pluginversion:
- 1.0
- add nsslapd-pluginvendor:
- RedHat
- add nsslapd-plugindescription:
- Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.)
- add nsslapd-plugin-depends-on-type:
- database
- add nsslapd-realmTree:
- dc=rdlg,dc=net
- adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config"
- modify complete
- 2017-05-11T02:35:40Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RDLG-NET.socket/??base )
- 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:40Z DEBUG [8/9]: starting the KDC
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl start krb5kdc.service
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:40Z DEBUG stdout=
- 2017-05-11T02:35:40Z DEBUG stderr=
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-active krb5kdc.service
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:40Z DEBUG stdout=active
- 2017-05-11T02:35:40Z DEBUG stderr=
- 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:40Z DEBUG [9/9]: configuring KDC to start on boot
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-enabled krb5kdc.service
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=1
- 2017-05-11T02:35:40Z DEBUG stdout=disabled
- 2017-05-11T02:35:40Z DEBUG stderr=
- 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl disable krb5kdc.service
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:40Z DEBUG stdout=
- 2017-05-11T02:35:40Z DEBUG stderr=
- 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:40Z DEBUG Done configuring Kerberos KDC (krb5kdc).
- 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:40Z DEBUG Configuring kadmin
- 2017-05-11T02:35:40Z DEBUG [1/2]: starting kadmin
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-active kadmin.service
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=3
- 2017-05-11T02:35:40Z DEBUG stdout=unknown
- 2017-05-11T02:35:40Z DEBUG stderr=
- 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl restart kadmin.service
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:40Z DEBUG stdout=
- 2017-05-11T02:35:40Z DEBUG stderr=
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-active kadmin.service
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:40Z DEBUG stdout=active
- 2017-05-11T02:35:40Z DEBUG stderr=
- 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:40Z DEBUG [2/2]: configuring kadmin to start on boot
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-enabled kadmin.service
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=1
- 2017-05-11T02:35:40Z DEBUG stdout=disabled
- 2017-05-11T02:35:40Z DEBUG stderr=
- 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl disable kadmin.service
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:40Z DEBUG stdout=
- 2017-05-11T02:35:40Z DEBUG stderr=
- 2017-05-11T02:35:40Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:40Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e3ccb0>
- 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:40Z DEBUG Done configuring kadmin.
- 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:40Z DEBUG Starting external process
- 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl disable pki-tomcatd.target
- 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:40Z DEBUG stdout=
- 2017-05-11T02:35:40Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target.
- 2017-05-11T02:35:40Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:40Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9a3b908>
- 2017-05-11T02:35:41Z DEBUG Ensuring that service pki-tomcatd@pki-tomcat is not running while the next set of commands is being executed.
- 2017-05-11T02:35:41Z DEBUG Starting external process
- 2017-05-11T02:35:41Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:35:41Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:41Z DEBUG stdout=active
- 2017-05-11T02:35:41Z DEBUG stderr=
- 2017-05-11T02:35:41Z DEBUG Stopping pki-tomcatd@pki-tomcat.
- 2017-05-11T02:35:41Z DEBUG Starting external process
- 2017-05-11T02:35:41Z DEBUG args=/bin/systemctl stop pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:35:41Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:41Z DEBUG stdout=
- 2017-05-11T02:35:41Z DEBUG stderr=
- 2017-05-11T02:35:41Z DEBUG Starting pki-tomcatd@pki-tomcat.
- 2017-05-11T02:35:41Z DEBUG Starting external process
- 2017-05-11T02:35:41Z DEBUG args=/bin/systemctl start pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:35:41Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:41Z DEBUG stdout=
- 2017-05-11T02:35:41Z DEBUG stderr=
- 2017-05-11T02:35:41Z DEBUG Starting external process
- 2017-05-11T02:35:41Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
- 2017-05-11T02:35:41Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:41Z DEBUG stdout=active
- 2017-05-11T02:35:41Z DEBUG stderr=
- 2017-05-11T02:35:41Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
- 2017-05-11T02:35:43Z DEBUG Waiting until the CA is running
- 2017-05-11T02:35:43Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
- 2017-05-11T02:35:43Z DEBUG request body ''
- 2017-05-11T02:35:50Z DEBUG response status 200
- 2017-05-11T02:35:50Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:35:49 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:35:50Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
- 2017-05-11T02:35:50Z DEBUG The CA status is: running
- 2017-05-11T02:35:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:35:50Z INFO [Set up lightweight CA key retrieval]
- 2017-05-11T02:35:50Z INFO Creating principal
- 2017-05-11T02:35:50Z DEBUG Starting external process
- 2017-05-11T02:35:50Z DEBUG args=kadmin.local -q addprinc -randkey dogtag/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
- 2017-05-11T02:35:50Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:50Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
- Principal "dogtag/ipa.rdlg.net@RDLG.NET" created.
- 2017-05-11T02:35:50Z DEBUG stderr=WARNING: no policy specified for dogtag/ipa.rdlg.net@RDLG.NET; defaulting to no policy
- 2017-05-11T02:35:50Z INFO Retrieving keytab
- 2017-05-11T02:35:50Z DEBUG Starting external process
- 2017-05-11T02:35:50Z DEBUG args=kadmin.local -q ktadd -k /etc/pki/pki-tomcat/dogtag.keytab dogtag/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
- 2017-05-11T02:35:50Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:50Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
- Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
- Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
- Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
- Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
- Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
- Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
- 2017-05-11T02:35:50Z DEBUG stderr=
- 2017-05-11T02:35:50Z INFO Creating Custodia keys
- 2017-05-11T02:35:50Z DEBUG Created connection context.ldap2_169661520
- 2017-05-11T02:35:50Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:50Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9b3aa70>
- 2017-05-11T02:35:50Z DEBUG Destroyed connection context.ldap2_169661520
- 2017-05-11T02:35:50Z DEBUG Created connection context.ldap2_169661840
- 2017-05-11T02:35:50Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:50Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa559e18>
- 2017-05-11T02:35:50Z DEBUG Destroyed connection context.ldap2_169661840
- 2017-05-11T02:35:51Z INFO Configuring key retriever
- 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:35:51Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
- 2017-05-11T02:35:51Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e3d998>
- 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Configuring ipa_memcached
- 2017-05-11T02:35:51Z DEBUG [1/2]: starting ipa_memcached
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-active ipa_memcached.service
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=3
- 2017-05-11T02:35:51Z DEBUG stdout=unknown
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl restart ipa_memcached.service
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:51Z DEBUG stdout=
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-active ipa_memcached.service
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:51Z DEBUG stdout=active
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:51Z DEBUG [2/2]: configuring ipa_memcached to start on boot
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-enabled ipa_memcached.service
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=1
- 2017-05-11T02:35:51Z DEBUG stdout=disabled
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl disable ipa_memcached.service
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:51Z DEBUG stdout=
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
- 2017-05-11T02:35:51Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa1c41b8>
- 2017-05-11T02:35:51Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:51Z DEBUG Done configuring ipa_memcached.
- 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Configuring ipa-otpd
- 2017-05-11T02:35:51Z DEBUG [1/2]: starting ipa-otpd
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=3
- 2017-05-11T02:35:51Z DEBUG stdout=unknown
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl restart ipa-otpd.socket
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:51Z DEBUG stdout=
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:51Z DEBUG stdout=active
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:51Z DEBUG [2/2]: configuring ipa-otpd to start on boot
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-enabled ipa-otpd.socket
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=1
- 2017-05-11T02:35:51Z DEBUG stdout=disabled
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:51Z DEBUG Starting external process
- 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl disable ipa-otpd.socket
- 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:51Z DEBUG stdout=
- 2017-05-11T02:35:51Z DEBUG stderr=
- 2017-05-11T02:35:51Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
- 2017-05-11T02:35:51Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9c50710>
- 2017-05-11T02:35:52Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:52Z DEBUG Done configuring ipa-otpd.
- 2017-05-11T02:35:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:52Z DEBUG Configuring ipa-custodia
- 2017-05-11T02:35:52Z DEBUG [1/5]: Generating ipa-custodia config file
- 2017-05-11T02:35:52Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:52Z DEBUG [2/5]: Making sure custodia container exists
- 2017-05-11T02:35:52Z DEBUG importing all plugin modules in ipaserver.plugins...
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.aci
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.automember
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.automount
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.baseldap
- 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.baseuser
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.batch
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.ca
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.caacl
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.cert
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.certprofile
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.config
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.delegation
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.dns
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.dnsserver
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.dogtag
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.domainlevel
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.group
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbac
- 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbacrule
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbactest
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.host
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hostgroup
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.idrange
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.idviews
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.internal
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.join
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.ldap2
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.location
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.migration
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.misc
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.netgroup
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.otp
- 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.otp is not a valid plugin module
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.otpconfig
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.otptoken
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.passwd
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.permission
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.ping
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.pkinit
- 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.privilege
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.rabase
- 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.realmdomains
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.role
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.schema
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.selfservice
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.server
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.serverrole
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.serverroles
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.service
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.session
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.stageuser
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.sudo
- 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.sudocmd
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.sudorule
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.topology
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.trust
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.user
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.vault
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.virtual
- 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.xmlserver
- 2017-05-11T02:35:52Z DEBUG importing all plugin modules in ipaserver.install.plugins...
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.dns
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_services
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
- 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
- 2017-05-11T02:35:53Z DEBUG Created connection context.ldap2_191452880
- 2017-05-11T02:35:53Z DEBUG Destroyed connection context.ldap2_191452880
- 2017-05-11T02:35:53Z DEBUG Created connection context.ldap2_191452880
- 2017-05-11T02:35:53Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update'
- 2017-05-11T02:35:53Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:53Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x740d3b0>
- 2017-05-11T02:35:53Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
- 2017-05-11T02:35:53Z DEBUG ---------------------------------------------
- 2017-05-11T02:35:53Z DEBUG Initial value
- 2017-05-11T02:35:53Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
- 2017-05-11T02:35:53Z DEBUG objectClass:
- 2017-05-11T02:35:53Z DEBUG nsContainer
- 2017-05-11T02:35:53Z DEBUG top
- 2017-05-11T02:35:53Z DEBUG cn:
- 2017-05-11T02:35:53Z DEBUG custodia
- 2017-05-11T02:35:53Z DEBUG ---------------------------------------------
- 2017-05-11T02:35:53Z DEBUG Final value after applying updates
- 2017-05-11T02:35:53Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
- 2017-05-11T02:35:53Z DEBUG objectClass:
- 2017-05-11T02:35:53Z DEBUG nsContainer
- 2017-05-11T02:35:53Z DEBUG top
- 2017-05-11T02:35:53Z DEBUG cn:
- 2017-05-11T02:35:53Z DEBUG custodia
- 2017-05-11T02:35:53Z DEBUG []
- 2017-05-11T02:35:53Z DEBUG Updated 0
- 2017-05-11T02:35:53Z DEBUG Done
- 2017-05-11T02:35:53Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
- 2017-05-11T02:35:53Z DEBUG ---------------------------------------------
- 2017-05-11T02:35:53Z DEBUG Initial value
- 2017-05-11T02:35:53Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
- 2017-05-11T02:35:53Z DEBUG objectClass:
- 2017-05-11T02:35:53Z DEBUG nsContainer
- 2017-05-11T02:35:53Z DEBUG top
- 2017-05-11T02:35:53Z DEBUG cn:
- 2017-05-11T02:35:53Z DEBUG dogtag
- 2017-05-11T02:35:53Z DEBUG ---------------------------------------------
- 2017-05-11T02:35:53Z DEBUG Final value after applying updates
- 2017-05-11T02:35:53Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
- 2017-05-11T02:35:53Z DEBUG objectClass:
- 2017-05-11T02:35:53Z DEBUG nsContainer
- 2017-05-11T02:35:53Z DEBUG top
- 2017-05-11T02:35:53Z DEBUG cn:
- 2017-05-11T02:35:53Z DEBUG dogtag
- 2017-05-11T02:35:53Z DEBUG []
- 2017-05-11T02:35:53Z DEBUG Updated 0
- 2017-05-11T02:35:53Z DEBUG Done
- 2017-05-11T02:35:53Z DEBUG Destroyed connection context.ldap2_191452880
- 2017-05-11T02:35:53Z DEBUG duration: 1 seconds
- 2017-05-11T02:35:53Z DEBUG [3/5]: Generating ipa-custodia keys
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG [4/5]: starting ipa-custodia
- 2017-05-11T02:35:53Z DEBUG Starting external process
- 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl is-active ipa-custodia.service
- 2017-05-11T02:35:53Z DEBUG Process finished, return code=3
- 2017-05-11T02:35:53Z DEBUG stdout=unknown
- 2017-05-11T02:35:53Z DEBUG stderr=
- 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:53Z DEBUG Starting external process
- 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl restart ipa-custodia.service
- 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:53Z DEBUG stdout=
- 2017-05-11T02:35:53Z DEBUG stderr=
- 2017-05-11T02:35:53Z DEBUG Starting external process
- 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl is-active ipa-custodia.service
- 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:53Z DEBUG stdout=active
- 2017-05-11T02:35:53Z DEBUG stderr=
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG [5/5]: configuring ipa-custodia to start on boot
- 2017-05-11T02:35:53Z DEBUG Starting external process
- 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl is-enabled ipa-custodia.service
- 2017-05-11T02:35:53Z DEBUG Process finished, return code=1
- 2017-05-11T02:35:53Z DEBUG stdout=disabled
- 2017-05-11T02:35:53Z DEBUG stderr=
- 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:53Z DEBUG Starting external process
- 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl disable ipa-custodia.service
- 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:53Z DEBUG stdout=
- 2017-05-11T02:35:53Z DEBUG stderr=
- 2017-05-11T02:35:53Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:53Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa5502d8>
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG Done configuring ipa-custodia.
- 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:35:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
- 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:53Z DEBUG Configuring the web interface (httpd). Estimated time: 1 minute
- 2017-05-11T02:35:53Z DEBUG [1/21]: setting mod_nss port to 443
- 2017-05-11T02:35:53Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/nss.conf'
- 2017-05-11T02:35:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG [2/21]: setting mod_nss cipher suite
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG [3/21]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG [4/21]: setting mod_nss password file
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG [5/21]: enabling mod_nss renegotiate
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG [6/21]: adding URL rewriting rules
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG [7/21]: configuring httpd
- 2017-05-11T02:35:53Z DEBUG Starting external process
- 2017-05-11T02:35:53Z DEBUG args=/usr/sbin/selinuxenabled
- 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:53Z DEBUG stdout=
- 2017-05-11T02:35:53Z DEBUG stderr=
- 2017-05-11T02:35:53Z DEBUG Starting external process
- 2017-05-11T02:35:53Z DEBUG args=/sbin/restorecon /etc/systemd/system/httpd.service.d/ipa.conf
- 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:53Z DEBUG stdout=
- 2017-05-11T02:35:53Z DEBUG stderr=
- 2017-05-11T02:35:53Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa.conf'
- 2017-05-11T02:35:53Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa.conf' doesn't exist
- 2017-05-11T02:35:53Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa-rewrite.conf'
- 2017-05-11T02:35:53Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa-rewrite.conf' doesn't exist
- 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:53Z DEBUG [8/21]: configure certmonger for renewals
- 2017-05-11T02:35:53Z DEBUG Starting external process
- 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl is-active certmonger.service
- 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:53Z DEBUG stdout=active
- 2017-05-11T02:35:53Z DEBUG stderr=
- 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:54Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:54Z DEBUG [9/21]: setting up httpd keytab
- 2017-05-11T02:35:54Z DEBUG Removing service keytab: /etc/httpd/conf/ipa.keytab
- 2017-05-11T02:35:54Z DEBUG Starting external process
- 2017-05-11T02:35:54Z DEBUG args=kadmin.local -q addprinc -randkey HTTP/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
- 2017-05-11T02:35:55Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:55Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
- Principal "HTTP/ipa.rdlg.net@RDLG.NET" created.
- 2017-05-11T02:35:55Z DEBUG stderr=WARNING: no policy specified for HTTP/ipa.rdlg.net@RDLG.NET; defaulting to no policy
- 2017-05-11T02:35:55Z DEBUG Starting external process
- 2017-05-11T02:35:55Z DEBUG args=kadmin.local -q ktadd -k /etc/httpd/conf/ipa.keytab HTTP/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
- 2017-05-11T02:35:55Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:55Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
- Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
- Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
- Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
- Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
- Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
- Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
- 2017-05-11T02:35:55Z DEBUG stderr=
- 2017-05-11T02:35:55Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:55Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa445128>
- 2017-05-11T02:35:55Z DEBUG duration: 1 seconds
- 2017-05-11T02:35:55Z DEBUG [10/21]: setting up ssl
- 2017-05-11T02:35:55Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:35:55Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:35:55Z DEBUG Starting external process
- 2017-05-11T02:35:55Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -R -s CN=ipa.rdlg.net,O=RDLG.NET -o /var/lib/ipa/ipa-m3fgLc/tmpcertreq -k rsa -g 2048 -z /etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt -a
- 2017-05-11T02:35:55Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:55Z DEBUG stdout=
- 2017-05-11T02:35:55Z DEBUG stderr=
- Generating key. This may take a few moments...
- 2017-05-11T02:35:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/ee/ca/profileSubmitSSLClient
- 2017-05-11T02:35:55Z DEBUG request body 'profileId=caIPAserviceCert&requestor_name=IPA+Installer&cert_request=MIICbzCCAVcCAQAwKjERMA8GA1UEChMIUkRMRy5ORVQxFTATBgNVBAMTDGlwYS5y%0D%0AZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOf3CmynQVHo%0D%0AOeJWCxBxxd0s1UmNMflddGAW4R7VWzPAmVBFNdFE7nSbqFisUdVASoTmxQaM3A1D%0D%0A6Pzh1Pc95ld0maf7vJg2MV%2FUYu9ekUtpPeGl2hQyAzGT%2ByyslwKOJPdDK5lC7%2Bhy%0D%0AIH%2FJR3c%2FwO7r3JwHm%2Fj0RbURlPiVkUbYSPYf3XftjagyeLEeFBayl%2BtXh4uPrwQE%0D%0Atx64AyRkoWgrNwnvyYm7nVvh6ef6wKi%2Fe53GiZL5tkUDqmWWNvH0CMq%2FLxibRFje%0D%0Ak31hLjk7wsV5wFmzKlZVX7piY4ldc3Fjf%2BtoAk4RBSj8w0f4yHSe1NDE7L5qviHb%0D%0AbYt11wfz9b0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAH1z8bOtgIub0uxaSV%0D%0AXVNrQpS0LGCHiX2stagaiAKcQ431tLVwrFOKA4DmS5HzSXKg6Rzo7xvwEYpq6FeZ%0D%0AflglrFvea%2FjUM8PI6lh90o4Cl7odtJANVxo2b1ix4xfsQjQoVtNH9JOqQTa%2BL3KO%0D%0AswIxJXctiHCz480g%2BA9q4%2FyYQdLdh9aP2PWBFMWkIfyIgweVNCxmCGmkcyZsq21G%0D%0A3mpPaV%2BXWpr%2BVkVScNaLmgUqnuBhOl7wkN3Qu5G%2BmHtfkrpChSskUeE6jpekXi8Z%0D%0AAq%2F2ez6uWkSCit9n33RJ4DlDjTradkjXmuOyYYrYUOAURmArpJSJScsPN0Hs3diK%0D%0A%2B96Z%0A&cert_request_type=pkcs10&xmlOutput=true'
- 2017-05-11T02:35:55Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:35:55Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:35:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:35:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:35:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:35:55Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:35:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:35:55Z DEBUG response status 200
- 2017-05-11T02:35:55Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:35:55 GMT', 'content-length': '1599', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:35:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><Requests><Request><Id>9</Id><SubjectDN>CN=ipa.rdlg.net,O=RDLG.NET</SubjectDN><serialno>9</serialno><b64>MIID/jCCAuagAwIBAgIBCTANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExHLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAyMzU1NVoXDTE5MDUxMjAyMzU1NVowKjERMA8GA1UECgwIUkRMRy5ORVQxFTATBgNVBAMMDGlwYS5yZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOf3CmynQVHoOeJWCxBxxd0s1UmNMflddGAW4R7VWzPAmVBFNdFE7nSbqFisUdVASoTmxQaM3A1D6Pzh1Pc95ld0maf7vJg2MV/UYu9ekUtpPeGl2hQyAzGT+yyslwKOJPdDK5lC7+hyIH/JR3c/wO7r3JwHm/j0RbURlPiVkUbYSPYf3XftjagyeLEeFBayl+tXh4uPrwQEtx64AyRkoWgrNwnvyYm7nVvh6ef6wKi/e53GiZL5tkUDqmWWNvH0CMq/LxibRFjek31hLjk7wsV5wFmzKlZVX7piY4ldc3Fjf+toAk4RBSj8w0f4yHSe1NDE7L5qviHbbYt11wfz9b0CAwEAAaOCASQwggEgMB8GA1UdIwQYMBaAFMoUcnP4TmDj4h+ZfLwirZhDNd7zMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL2lwYS1jYS5yZGxnLm5ldC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwcwYDVR0fBGwwajBooDCgLoYsaHR0cDovL2lwYS1jYS5yZGxnLm5ldC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFCgX5aGyq1OOdV+Xm5P02A4icX0hMA0GCSqGSIb3DQEBCwUAA4IBAQCfMmA1pH82o8TTDmpMU0wYXm7/2IyLq54ZidGTa1pBQC57W9hTb2KkG2SjQutUmLLB21b88mXIbNSbvJpgSFlTpbaf2l+hRb3AQFdj3PTdHAOfC+/z5nPZwpf2PXfMKhfNSGZF3ACimY2HhcKOm/26oabERoVJzSFr5yTGI+HvARKc0IZ+cMP9tpGU+nTov3NsKq9SEg7gboJ81Zpo8ohFc67ZJqVFIytBowP0Gex1AS7xFU5zYJNTWtjF31XK9ejzY4mxfnR4JS+XMLO9N2819kNHUTuXuXsWYeUf5cInXHTjaDN+vIYV+5vv36TCzqibKMEOYPtsGDbpeM2QrSoT</b64></Request></Requests></XMLResponse>'
- 2017-05-11T02:35:55Z DEBUG Starting external process
- 2017-05-11T02:35:55Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -A -n Server-Cert -t u,u,u -i /var/lib/ipa/ipa-m3fgLc/tmpcert.der -f /etc/httpd/alias/pwdfile.txt
- 2017-05-11T02:35:56Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:56Z DEBUG stdout=
- 2017-05-11T02:35:56Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
- 2017-05-11T02:35:56Z DEBUG Starting external process
- 2017-05-11T02:35:56Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n Server-Cert -a
- 2017-05-11T02:35:56Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:56Z DEBUG stdout=-----BEGIN CERTIFICATE-----
- MIID/jCCAuagAwIBAgIBCTANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
- Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
- MzU1NVoXDTE5MDUxMjAyMzU1NVowKjERMA8GA1UECgwIUkRMRy5ORVQxFTATBgNV
- BAMMDGlwYS5yZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
- AOf3CmynQVHoOeJWCxBxxd0s1UmNMflddGAW4R7VWzPAmVBFNdFE7nSbqFisUdVA
- SoTmxQaM3A1D6Pzh1Pc95ld0maf7vJg2MV/UYu9ekUtpPeGl2hQyAzGT+yyslwKO
- JPdDK5lC7+hyIH/JR3c/wO7r3JwHm/j0RbURlPiVkUbYSPYf3XftjagyeLEeFBay
- l+tXh4uPrwQEtx64AyRkoWgrNwnvyYm7nVvh6ef6wKi/e53GiZL5tkUDqmWWNvH0
- CMq/LxibRFjek31hLjk7wsV5wFmzKlZVX7piY4ldc3Fjf+toAk4RBSj8w0f4yHSe
- 1NDE7L5qviHbbYt11wfz9b0CAwEAAaOCASQwggEgMB8GA1UdIwQYMBaAFMoUcnP4
- TmDj4h+ZfLwirZhDNd7zMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0
- cDovL2lwYS1jYS5yZGxnLm5ldC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNV
- HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwcwYDVR0fBGwwajBooDCgLoYsaHR0
- cDovL2lwYS1jYS5yZGxnLm5ldC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAx
- DjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
- HQYDVR0OBBYEFCgX5aGyq1OOdV+Xm5P02A4icX0hMA0GCSqGSIb3DQEBCwUAA4IB
- AQCfMmA1pH82o8TTDmpMU0wYXm7/2IyLq54ZidGTa1pBQC57W9hTb2KkG2SjQutU
- mLLB21b88mXIbNSbvJpgSFlTpbaf2l+hRb3AQFdj3PTdHAOfC+/z5nPZwpf2PXfM
- KhfNSGZF3ACimY2HhcKOm/26oabERoVJzSFr5yTGI+HvARKc0IZ+cMP9tpGU+nTo
- v3NsKq9SEg7gboJ81Zpo8ohFc67ZJqVFIytBowP0Gex1AS7xFU5zYJNTWtjF31XK
- 9ejzY4mxfnR4JS+XMLO9N2819kNHUTuXuXsWYeUf5cInXHTjaDN+vIYV+5vv36TC
- zqibKMEOYPtsGDbpeM2QrSoT
- -----END CERTIFICATE-----
- 2017-05-11T02:35:56Z DEBUG stderr=
- 2017-05-11T02:35:56Z DEBUG Starting external process
- 2017-05-11T02:35:56Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -R -s CN=Object Signing Cert,O=RDLG.NET -o /var/lib/ipa/ipa-m3fgLc/tmpcertreq -k rsa -g 2048 -z /etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt -a
- 2017-05-11T02:35:56Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:56Z DEBUG stdout=
- 2017-05-11T02:35:56Z DEBUG stderr=
- Generating key. This may take a few moments...
- 2017-05-11T02:35:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/ee/ca/profileSubmitSSLClient
- 2017-05-11T02:35:56Z DEBUG request body 'profileId=caJarSigningCert&requestor_name=IPA+Installer&cert_request=MIICdjCCAV4CAQAwMTERMA8GA1UEChMIUkRMRy5ORVQxHDAaBgNVBAMTE09iamVj%0D%0AdCBTaWduaW5nIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDw%0D%0AI5AOZ7FB%2FOYj9K4zfAohWZQINCBQlOIRva5Zv07d%2F7rhbefmeCXh0bL7es5tUOHp%0D%0AkCiY7C3ql9m%2Fyjxeys3YC%2FHBTSz%2B0KH8ZMEPszRFqj07x9bR0kwFFwBRz4nA5v4a%0D%0Aa%2B6zVLXdiG9rBG3dF7YwfXInQ3P1y32ldrDo1lPOnr7Byl9PWZrNQlKHQjXZN8qv%0D%0AM7xHcZQWSahyd0gOLGaoyGDt0opLXi49aWLePWGhJkBRtTXcZy9elBBaFZFXz4io%0D%0AqcWXyGXbQTZYVci9Vz1Sa0t7XzlLVEbu3ssom88W8eET%2FXjvJs5vAGB%2BBympU8Zr%0D%0AIc4afra7vN8NknUDRqE3AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAKxJFWbYR%0D%0AqGCP5%2BlxjyCZa7u6yiGmi0lMioP94HpKLnmL9Gi1%2F9s7q6iAq1LT8C6CH68pV22d%0D%0AqPDjsKpM6qpX%2BwybZi4mfMQNaLuj%2Fm2I%2FLA%2BGWP2vvSGPgAU76vXIGMUOSTdx9t1%0D%0AEwy9HgoRGUTf%2F5G%2BnkFoie%2Bn59kyn8WZSMVN%2BJcuFDyw1gZ21OG%2FuIbpo4fkQuBB%0D%0ATbByaP9lwWfxNjttlcMmOr2pGchZcPVu4QTlnJHfPi6N2DMcaxm%2BzO58uq6pFK4G%0D%0AJXCsK93RmVnj%2B3e1KANBPtUgF%2B6Mo6qxBWXby0n%2FIP7Se9M4jsZSinDsSmPl0u07%0D%0Aos7reNmMu3pPoQ%3D%3D%0A&cert_request_type=pkcs10&xmlOutput=true'
- 2017-05-11T02:35:56Z DEBUG NSSConnection init ipa.rdlg.net
- 2017-05-11T02:35:56Z DEBUG Connecting: 172.20.0.200:0
- 2017-05-11T02:35:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
- 2017-05-11T02:35:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
- 2017-05-11T02:35:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
- 2017-05-11T02:35:56Z DEBUG Protocol: TLS1.2
- 2017-05-11T02:35:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
- 2017-05-11T02:35:56Z DEBUG response status 200
- 2017-05-11T02:35:56Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:35:55 GMT', 'content-length': '1275', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
- 2017-05-11T02:35:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><Requests><Request><Id>10</Id><SubjectDN>CN=Object Signing Cert,O=RDLG.NET</SubjectDN><serialno>a</serialno><b64>MIIDBDCCAeygAwIBAgIBCjANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExHLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAyMzU1NloXDTIxMDUxMTAyMzU1NlowMTERMA8GA1UEChMIUkRMRy5ORVQxHDAaBgNVBAMTE09iamVjdCBTaWduaW5nIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwI5AOZ7FB/OYj9K4zfAohWZQINCBQlOIRva5Zv07d/7rhbefmeCXh0bL7es5tUOHpkCiY7C3ql9m/yjxeys3YC/HBTSz+0KH8ZMEPszRFqj07x9bR0kwFFwBRz4nA5v4aa+6zVLXdiG9rBG3dF7YwfXInQ3P1y32ldrDo1lPOnr7Byl9PWZrNQlKHQjXZN8qvM7xHcZQWSahyd0gOLGaoyGDt0opLXi49aWLePWGhJkBRtTXcZy9elBBaFZFXz4ioqcWXyGXbQTZYVci9Vz1Sa0t7XzlLVEbu3ssom88W8eET/XjvJs5vAGB+BympU8ZrIc4afra7vN8NknUDRqE3AgMBAAGjJTAjMA4GA1UdDwEB/wQEAwIChDARBglghkgBhvhCAQEEBAMCBBAwDQYJKoZIhvcNAQELBQADggEBAEU2FkOgL5VQ0A3p8mH85aUbk4/J9g50Kr+gp1OSgXZ+RuoB3iEEGDJXmoN0LSyOIsEmc8AAtAafjLPDYsz/gWy3Oj+r711Mld1eIqVbdy/l6kUx4ux+Y5QKrWRZC0/MVgV1u/BoC0hTE1Amg89SfyNy1rfaIZgHhd0/VKvqL0kxlPtfLp4JfwBC05xJsvJcU9dAHxa672krniTYDSOfpzmFBstR+QSqwZ6nA6ZGZRdvTIw1Oeh9JbjFouVJJ6Fwp+U0qM2HlIQ0jjIfh37m0enbpzjt9G6HUd6cmu6H73oOxlFjysxIhTXqHppy4wOOKYxF8+qM66XUgHnT1ePO68c=</b64></Request></Requests></XMLResponse>'
- 2017-05-11T02:35:56Z DEBUG Starting external process
- 2017-05-11T02:35:56Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -A -n Signing-Cert -t u,u,u -i /var/lib/ipa/ipa-m3fgLc/tmpcert.der -f /etc/httpd/alias/pwdfile.txt
- 2017-05-11T02:35:56Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:56Z DEBUG stdout=
- 2017-05-11T02:35:56Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
- 2017-05-11T02:35:56Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
- 2017-05-11T02:35:56Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x2252560>
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=
- Certificate Nickname Trust Attributes
- SSL,S/MIME,JAR/XPI
- Signing-Cert u,u,u
- RDLG.NET IPA CA CT,C,C
- ipaCert u,u,u
- Server-Cert u,u,u
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -O -n Signing-Cert
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout="RDLG.NET IPA CA" [CN=Certificate Authority,O=RDLG.NET]
- "Signing-Cert" [CN=Object Signing Cert,O=RDLG.NET]
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n RDLG.NET IPA CA -a
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=-----BEGIN CERTIFICATE-----
- MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
- Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
- Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
- BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
- ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
- LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
- 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
- mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
- a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
- eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
- gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
- /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
- AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
- c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
- 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
- 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
- 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
- uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
- /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
- -----END CERTIFICATE-----
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/selinuxenabled
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/sbin/restorecon /etc/httpd/alias/cert8.db
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/selinuxenabled
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/sbin/restorecon /etc/httpd/alias/key3.db
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG duration: 1 seconds
- 2017-05-11T02:35:57Z DEBUG [11/21]: importing CA certificates from LDAP
- 2017-05-11T02:35:57Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -A -n RDLG.NET IPA CA -t CT,C,C
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:57Z DEBUG [12/21]: setting up browser autoconfig
- 2017-05-11T02:35:57Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=
- Certificate Nickname Trust Attributes
- SSL,S/MIME,JAR/XPI
- Signing-Cert u,u,u
- ipaCert u,u,u
- Server-Cert u,u,u
- RDLG.NET IPA CA CT,C,C
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/bin/signtool -d /etc/httpd/alias -p 2320ee37e45f78b95550 -k Signing-Cert -p 2320ee37e45f78b95550 -X -Z /usr/share/ipa/html/kerberosauth.xpi /tmp/tmp-ObzLQE/ext
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=Generating /tmp/tmp-ObzLQE/ext/META-INF/manifest.mf file..
- --> bootstrap.js
- --> chrome/content/kerberosauth.js
- --> chrome/content/kerberosauth_overlay.xul
- --> chrome.manifest
- --> install.rdf
- --> locale/en-US/kerberosauth.properties
- Generating zigbert.sf file..
- Creating XPI Compatible Archive
- adding /tmp/tmp-ObzLQE/ext/META-INF/zigbert.rsa to /usr/share/ipa/html/kerberosauth.xpi...(deflated 11%)
- --> bootstrap.js
- adding /tmp/tmp-ObzLQE/ext/bootstrap.js to /usr/share/ipa/html/kerberosauth.xpi...(deflated 67%)
- --> chrome/content/kerberosauth.js
- adding /tmp/tmp-ObzLQE/ext/chrome/content/kerberosauth.js to /usr/share/ipa/html/kerberosauth.xpi...(deflated 66%)
- --> chrome/content/kerberosauth_overlay.xul
- adding /tmp/tmp-ObzLQE/ext/chrome/content/kerberosauth_overlay.xul to /usr/share/ipa/html/kerberosauth.xpi...(deflated 34%)
- --> chrome.manifest
- adding /tmp/tmp-ObzLQE/ext/chrome.manifest to /usr/share/ipa/html/kerberosauth.xpi...(deflated 51%)
- --> install.rdf
- adding /tmp/tmp-ObzLQE/ext/install.rdf to /usr/share/ipa/html/kerberosauth.xpi...(deflated 55%)
- --> locale/en-US/kerberosauth.properties
- adding /tmp/tmp-ObzLQE/ext/locale/en-US/kerberosauth.properties to /usr/share/ipa/html/kerberosauth.xpi...(deflated 36%)
- adding /tmp/tmp-ObzLQE/ext/META-INF/manifest.mf to /usr/share/ipa/html/kerberosauth.xpi...(deflated 47%)
- adding /tmp/tmp-ObzLQE/ext/META-INF/zigbert.sf to /usr/share/ipa/html/kerberosauth.xpi...(deflated 48%)
- tree "/tmp/tmp-ObzLQE/ext" signed successfully
- 2017-05-11T02:35:57Z DEBUG stderr=warning: password (-p) option specified more than once.
- Only last specification will be used.
- 2017-05-11T02:35:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:57Z DEBUG [13/21]: publish CA cert
- 2017-05-11T02:35:57Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
- 2017-05-11T02:35:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:57Z DEBUG [14/21]: clean up any existing httpd ccache
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/bin/kdestroy -A
- 2017-05-11T02:35:57Z DEBUG runas=apache (UID 48, GID 48)
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG duration: 0 seconds
- 2017-05-11T02:35:57Z DEBUG [15/21]: configuring SELinux for httpd
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/selinuxenabled
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/getsebool httpd_can_network_connect
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=httpd_can_network_connect --> off
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:57Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/getsebool httpd_run_ipa
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=httpd_run_ipa --> off
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:57Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/getsebool httpd_manage_ipa
- 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:57Z DEBUG stdout=httpd_manage_ipa --> off
- 2017-05-11T02:35:57Z DEBUG stderr=
- 2017-05-11T02:35:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:57Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:35:57Z DEBUG Starting external process
- 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/setsebool -P httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on
- 2017-05-11T02:35:59Z DEBUG Process finished, return code=0
- 2017-05-11T02:35:59Z DEBUG stdout=
- 2017-05-11T02:35:59Z DEBUG stderr=
- 2017-05-11T02:35:59Z DEBUG duration: 1 seconds
- 2017-05-11T02:35:59Z DEBUG [16/21]: create KDC proxy user
- 2017-05-11T02:35:59Z DEBUG Adding group kdcproxy
- 2017-05-11T02:35:59Z DEBUG Starting external process
- 2017-05-11T02:35:59Z DEBUG args=/usr/sbin/groupadd -r kdcproxy
- 2017-05-11T02:36:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:36:00Z DEBUG stdout=
- 2017-05-11T02:36:00Z DEBUG stderr=
- 2017-05-11T02:36:00Z DEBUG Done adding group
- 2017-05-11T02:36:00Z DEBUG Adding user kdcproxy
- 2017-05-11T02:36:00Z DEBUG Starting external process
- 2017-05-11T02:36:00Z DEBUG args=/usr/sbin/useradd -g kdcproxy -d /var/lib/kdcproxy -s /sbin/nologin -r kdcproxy -c IPA KDC Proxy User -m
- 2017-05-11T02:36:00Z DEBUG Process finished, return code=0
- 2017-05-11T02:36:00Z DEBUG stdout=
- 2017-05-11T02:36:00Z DEBUG stderr=
- 2017-05-11T02:36:00Z DEBUG Done adding user
- 2017-05-11T02:36:00Z DEBUG duration: 1 seconds
- 2017-05-11T02:36:00Z DEBUG [17/21]: create KDC proxy config
- 2017-05-11T02:36:00Z DEBUG Backing up system configuration file '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf'
- 2017-05-11T02:36:00Z DEBUG -> Not backing up - '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' doesn't exist
- 2017-05-11T02:36:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:36:00Z DEBUG [18/21]: enable KDC proxy
- 2017-05-11T02:36:00Z DEBUG service KDCPROXY enabled
- 2017-05-11T02:36:00Z DEBUG duration: 0 seconds
- 2017-05-11T02:36:00Z DEBUG [19/21]: restarting httpd
- 2017-05-11T02:36:00Z DEBUG Starting external process
- 2017-05-11T02:36:00Z DEBUG args=/bin/systemctl is-active httpd.service
- 2017-05-11T02:36:00Z DEBUG Process finished, return code=3
- 2017-05-11T02:36:00Z DEBUG stdout=unknown
- 2017-05-11T02:36:00Z DEBUG stderr=
- 2017-05-11T02:36:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:36:00Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
- 2017-05-11T02:36:00Z DEBUG Starting external process
- 2017-05-11T02:36:00Z DEBUG args=/bin/systemctl restart httpd.service
- 2017-05-11T02:36:00Z DEBUG Process finished, return code=1
- 2017-05-11T02:36:00Z DEBUG stdout=
- 2017-05-11T02:36:00Z DEBUG stderr=Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
- 2017-05-11T02:36:01Z DEBUG Traceback (most recent call last):
- File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
- run_step(full_msg, method)
- File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
- method()
- File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 193, in __start
- self.restart()
- File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 349, in restart
- self.service.restart(instance_name, capture_output=capture_output, wait=wait)
- File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 301, in restart
- skip_output=not capture_output)
- File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 494, in run
- raise CalledProcessError(p.returncode, arg_string, str(output))
- CalledProcessError: Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
- 2017-05-11T02:36:01Z DEBUG [error] CalledProcessError: Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
- 2017-05-11T02:36:01Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
- return_value = self.run()
- File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run
- cfgr.run()
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run
- self.execute()
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute
- for nothing in self._executor():
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
- self._handle_exception(exc_info)
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
- six.reraise(*exc_info)
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
- step()
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
- step = lambda: next(self.__gen)
- File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
- six.reraise(*exc_info)
- File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
- value = gen.send(prev_value)
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure
- next(executor)
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
- self._handle_exception(exc_info)
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception
- self.__parent._handle_exception(exc_info)
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
- six.reraise(*exc_info)
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception
- super(ComponentBase, self)._handle_exception(exc_info)
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
- six.reraise(*exc_info)
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
- step()
- File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
- step = lambda: next(self.__gen)
- File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
- six.reraise(*exc_info)
- File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
- value = gen.send(prev_value)
- File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
- for nothing in self._installer(self.parent):
- File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1357, in main
- install(self)
- File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 267, in decorated
- func(installer)
- File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 830, in install
- ca_is_configured=setup_ca)
- File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 189, in create_instance
- self.start_creation(runtime=60)
- File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
- run_step(full_msg, method)
- File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
- method()
- File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 193, in __start
- self.restart()
- File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 349, in restart
- self.service.restart(instance_name, capture_output=capture_output, wait=wait)
- File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 301, in restart
- skip_output=not capture_output)
- File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 494, in run
- raise CalledProcessError(p.returncode, arg_string, str(output))
- 2017-05-11T02:36:01Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
- 2017-05-11T02:36:01Z ERROR Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
- 2017-05-11T02:36:01Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
Add Comment
Please, Sign In to add comment