ipaserver-install.log

1. 2017-05-11T02:28:22Z DEBUG Logging to /var/log/ipaserver-install.log
2. 2017-05-11T02:28:22Z DEBUG ipa-server-install was invoked with arguments [] and options: {'no_dns_sshfp': None, 'ignore_topology_disconnect': None, 'verbose': False, 'ip_addresses': None, 'domainlevel': None, 'mkhomedir': None, 'http_cert_files': None, 'no_ntp': None, 'reverse_zones': None, 'no_forwarders': None, 'external_ca_type': None, 'ssh_trust_dns': None, 'domain_name': None, 'idmax': None, 'http_cert_name': None, 'dirsrv_cert_files': None, 'no_dnssec_validation': None, 'ca_signing_algorithm': None, 'no_reverse': None, 'subject': None, 'unattended': False, 'auto_reverse': None, 'auto_forwarders': None, 'no_host_dns': None, 'no_sshd': None, 'no_ui_redirect': None, 'ignore_last_of_role': None, 'realm_name': None, 'forwarders': None, 'idstart': None, 'external_ca': None, 'no_ssh': None, 'external_cert_files': None, 'no_hbac_allow': None, 'forward_policy': None, 'dirsrv_cert_name': None, 'ca_cert_files': None, 'zonemgr': None, 'quiet': False, 'setup_dns': None, 'host_name': None, 'dirsrv_config_file': None, 'log_file': None, 'allow_zone_overlap': None, 'uninstall': False}
3. 2017-05-11T02:28:22Z DEBUG IPA version 4.4.0-14.el7.centos.7
4. 2017-05-11T02:28:22Z DEBUG Starting external process
5. 2017-05-11T02:28:22Z DEBUG args=/usr/sbin/selinuxenabled
6. 2017-05-11T02:28:22Z DEBUG Process finished, return code=0
7. 2017-05-11T02:28:22Z DEBUG stdout=
8. 2017-05-11T02:28:22Z DEBUG stderr=
9. 2017-05-11T02:28:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
10. 2017-05-11T02:28:22Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
11. 2017-05-11T02:28:22Z DEBUG httpd is not configured
12. 2017-05-11T02:28:22Z DEBUG kadmin is not configured
13. 2017-05-11T02:28:22Z DEBUG dirsrv is not configured
14. 2017-05-11T02:28:22Z DEBUG pki-tomcatd is not configured
15. 2017-05-11T02:28:22Z DEBUG install is not configured
16. 2017-05-11T02:28:22Z DEBUG krb5kdc is not configured
17. 2017-05-11T02:28:22Z DEBUG ntpd is not configured
18. 2017-05-11T02:28:22Z DEBUG named is not configured
19. 2017-05-11T02:28:22Z DEBUG ipa_memcached is not configured
20. 2017-05-11T02:28:22Z DEBUG filestore is tracking no files
21. 2017-05-11T02:28:22Z DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index'
22. 2017-05-11T02:28:22Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
23. 2017-05-11T02:28:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
24. 2017-05-11T02:28:22Z DEBUG Starting external process
25. 2017-05-11T02:28:22Z DEBUG args=/bin/systemctl is-enabled chronyd.service
26. 2017-05-11T02:28:22Z DEBUG Process finished, return code=1
27. 2017-05-11T02:28:22Z DEBUG stdout=
28. 2017-05-11T02:28:22Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory
29.  
30. 2017-05-11T02:28:22Z DEBUG Starting external process
31. 2017-05-11T02:28:22Z DEBUG args=/bin/systemctl is-active chronyd.service
32. 2017-05-11T02:28:22Z DEBUG Process finished, return code=3
33. 2017-05-11T02:28:22Z DEBUG stdout=unknown
34.  
35. 2017-05-11T02:28:22Z DEBUG stderr=
36. 2017-05-11T02:28:22Z DEBUG Starting external process
37. 2017-05-11T02:28:22Z DEBUG args=/usr/sbin/httpd -t -D DUMP_VHOSTS
38. 2017-05-11T02:28:23Z DEBUG Process finished, return code=1
39. 2017-05-11T02:28:23Z DEBUG stdout=
40. 2017-05-11T02:28:23Z DEBUG stderr=AH00544: httpd: bad group name apache
41.  
42. 2017-05-11T02:28:23Z DEBUG WARNING: cannot check if port 443 is already configured
43. 2017-05-11T02:28:23Z DEBUG httpd returned error when checking: Command '/usr/sbin/httpd -t -D DUMP_VHOSTS' returned non-zero exit status 1
44. 2017-05-11T02:28:28Z DEBUG Check if ipa.rdlg.net is a primary hostname for localhost
45. 2017-05-11T02:28:28Z DEBUG Primary hostname for localhost: ipa.rdlg.net
46. 2017-05-11T02:28:28Z DEBUG Search DNS for ipa.rdlg.net
47. 2017-05-11T02:28:28Z DEBUG Check if ipa.rdlg.net is not a CNAME
48. 2017-05-11T02:28:28Z DEBUG Check reverse address of 172.20.0.200
49. 2017-05-11T02:28:28Z DEBUG Found reverse name: ipa.rdlg.net
50. 2017-05-11T02:28:28Z DEBUG will use host_name: ipa.rdlg.net
51.  
52. 2017-05-11T02:28:29Z DEBUG read domain_name: rdlg.net
53.  
54. 2017-05-11T02:28:29Z DEBUG read realm_name: RDLG.NET
55.  
56. 2017-05-11T02:28:48Z DEBUG importing all plugin modules in ipaserver.plugins...
57. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.aci
58. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.automember
59. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.automount
60. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.baseldap
61. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
62. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.baseuser
63. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.batch
64. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.ca
65. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.caacl
66. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.cert
67. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.certprofile
68. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.config
69. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.delegation
70. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.dns
71. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.dnsserver
72. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.dogtag
73. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.domainlevel
74. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.group
75. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbac
76. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
77. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbacrule
78. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
79. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
80. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hbactest
81. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.host
82. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.hostgroup
83. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.idrange
84. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.idviews
85. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.internal
86. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.join
87. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
88. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.ldap2
89. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.location
90. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.migration
91. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.misc
92. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.netgroup
93. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.otp
94. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.otp is not a valid plugin module
95. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.otpconfig
96. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.otptoken
97. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.passwd
98. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.permission
99. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.ping
100. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.pkinit
101. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
102. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.privilege
103. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
104. 2017-05-11T02:28:48Z DEBUG Starting external process
105. 2017-05-11T02:28:48Z DEBUG args=klist -V
106. 2017-05-11T02:28:48Z DEBUG Process finished, return code=0
107. 2017-05-11T02:28:48Z DEBUG stdout=Kerberos 5 version 1.14.1
108.  
109. 2017-05-11T02:28:48Z DEBUG stderr=
110. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.rabase
111. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
112. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
113. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.realmdomains
114. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.role
115. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.schema
116. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.selfservice
117. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
118. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.server
119. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.serverrole
120. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.serverroles
121. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.service
122. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
123. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.session
124. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.stageuser
125. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudo
126. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
127. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudocmd
128. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
129. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.sudorule
130. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.topology
131. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.trust
132. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.user
133. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.vault
134. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.virtual
135. 2017-05-11T02:28:48Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
136. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.plugins.xmlserver
137. 2017-05-11T02:28:48Z DEBUG importing all plugin modules in ipaserver.install.plugins...
138. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
139. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
140. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.dns
141. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
142. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
143. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
144. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
145. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
146. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
147. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
148. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
149. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
150. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_services
151. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
152. 2017-05-11T02:28:48Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
153. 2017-05-11T02:28:49Z DEBUG Name ipa.rdlg.net. resolved to set([UnsafeIPAddress('2001:470:4b:57c::200'), UnsafeIPAddress('172.20.0.200')])
154. 2017-05-11T02:28:49Z WARNING Invalid IP address 2001:470:4b:57c::200 for ipa.rdlg.net: no network interface matches the IP address and netmask 2001:470:4b:57c::200
155. 2017-05-11T02:28:53Z DEBUG group dirsrv exists
156. 2017-05-11T02:28:53Z DEBUG user dirsrv exists
157. 2017-05-11T02:28:53Z DEBUG Starting external process
158. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-enabled chronyd.service
159. 2017-05-11T02:28:53Z DEBUG Process finished, return code=1
160. 2017-05-11T02:28:53Z DEBUG stdout=
161. 2017-05-11T02:28:53Z DEBUG stderr=Failed to get unit file state for chronyd.service: No such file or directory
162.  
163. 2017-05-11T02:28:53Z DEBUG Starting external process
164. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-active chronyd.service
165. 2017-05-11T02:28:53Z DEBUG Process finished, return code=3
166. 2017-05-11T02:28:53Z DEBUG stdout=unknown
167.  
168. 2017-05-11T02:28:53Z DEBUG stderr=
169. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
170. 2017-05-11T02:28:53Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
171. 2017-05-11T02:28:53Z DEBUG Configuring NTP daemon (ntpd)
172. 2017-05-11T02:28:53Z DEBUG [1/4]: stopping ntpd
173. 2017-05-11T02:28:53Z DEBUG Starting external process
174. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-active ntpd.service
175. 2017-05-11T02:28:53Z DEBUG Process finished, return code=3
176. 2017-05-11T02:28:53Z DEBUG stdout=unknown
177.  
178. 2017-05-11T02:28:53Z DEBUG stderr=
179. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
180. 2017-05-11T02:28:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
181. 2017-05-11T02:28:53Z DEBUG Starting external process
182. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl stop ntpd.service
183. 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
184. 2017-05-11T02:28:53Z DEBUG stdout=
185. 2017-05-11T02:28:53Z DEBUG stderr=
186. 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
187. 2017-05-11T02:28:53Z DEBUG [2/4]: writing configuration
188. 2017-05-11T02:28:53Z DEBUG Backing up system configuration file '/etc/ntp.conf'
189. 2017-05-11T02:28:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
190. 2017-05-11T02:28:53Z DEBUG Backing up system configuration file '/etc/sysconfig/ntpd'
191. 2017-05-11T02:28:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
192. 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
193. 2017-05-11T02:28:53Z DEBUG [3/4]: configuring ntpd to start on boot
194. 2017-05-11T02:28:53Z DEBUG Starting external process
195. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-enabled ntpd.service
196. 2017-05-11T02:28:53Z DEBUG Process finished, return code=1
197. 2017-05-11T02:28:53Z DEBUG stdout=disabled
198.  
199. 2017-05-11T02:28:53Z DEBUG stderr=
200. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
201. 2017-05-11T02:28:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
202. 2017-05-11T02:28:53Z DEBUG Starting external process
203. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl enable ntpd.service
204. 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
205. 2017-05-11T02:28:53Z DEBUG stdout=
206. 2017-05-11T02:28:53Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
207.  
208. 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
209. 2017-05-11T02:28:53Z DEBUG [4/4]: starting ntpd
210. 2017-05-11T02:28:53Z DEBUG Starting external process
211. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl start ntpd.service
212. 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
213. 2017-05-11T02:28:53Z DEBUG stdout=
214. 2017-05-11T02:28:53Z DEBUG stderr=
215. 2017-05-11T02:28:53Z DEBUG Starting external process
216. 2017-05-11T02:28:53Z DEBUG args=/bin/systemctl is-active ntpd.service
217. 2017-05-11T02:28:53Z DEBUG Process finished, return code=0
218. 2017-05-11T02:28:53Z DEBUG stdout=active
219.  
220. 2017-05-11T02:28:53Z DEBUG stderr=
221. 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
222. 2017-05-11T02:28:53Z DEBUG Done configuring NTP daemon (ntpd).
223. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
224. 2017-05-11T02:28:53Z DEBUG Configuring directory server (dirsrv). Estimated time: 1 minute
225. 2017-05-11T02:28:53Z DEBUG [1/47]: creating directory server user
226. 2017-05-11T02:28:53Z DEBUG group dirsrv exists
227. 2017-05-11T02:28:53Z DEBUG user dirsrv exists
228. 2017-05-11T02:28:53Z DEBUG duration: 0 seconds
229. 2017-05-11T02:28:53Z DEBUG [2/47]: creating directory server instance
230. 2017-05-11T02:28:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
231. 2017-05-11T02:28:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
232. 2017-05-11T02:28:53Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
233. 2017-05-11T02:28:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
234. 2017-05-11T02:28:53Z DEBUG
235. dn: dc=rdlg,dc=net
236. objectClass: top
237. objectClass: domain
238. objectClass: pilotObject
239. dc: rdlg
240. info: IPA V2.0
241.  
242. 2017-05-11T02:28:53Z DEBUG writing inf template
243. 2017-05-11T02:28:53Z DEBUG
244. [General]
245. FullMachineName= ipa.rdlg.net
246. SuiteSpotUserID= dirsrv
247. SuiteSpotGroup= dirsrv
248. ServerRoot= /usr/lib64/dirsrv
249. [slapd]
250. ServerPort= 389
251. ServerIdentifier= RDLG-NET
252. Suffix= dc=rdlg,dc=net
253. RootDN= cn=Directory Manager
254. InstallLdifFile= /var/lib/dirsrv/boot.ldif
255. inst_dir= /var/lib/dirsrv/scripts-RDLG-NET
256.  
257. 2017-05-11T02:28:53Z DEBUG calling setup-ds.pl
258. 2017-05-11T02:28:53Z DEBUG Starting external process
259. 2017-05-11T02:28:53Z DEBUG args=/usr/sbin/setup-ds.pl --silent --logfile - -f /tmp/tmpmiLtpo
260. 2017-05-11T02:28:56Z DEBUG Process finished, return code=0
261. 2017-05-11T02:28:56Z DEBUG stdout=[17/05/10:20:28:56] - [Setup] Info Your new DS instance 'RDLG-NET' was successfully created.
262. Your new DS instance 'RDLG-NET' was successfully created.
263. [17/05/10:20:28:56] - [Setup] Success Exiting . . .
264. Log file is '-'
265.  
266. Exiting . . .
267. Log file is '-'
268.  
269.  
270. 2017-05-11T02:28:56Z DEBUG stderr=
271. 2017-05-11T02:28:56Z DEBUG completed creating ds instance
272. 2017-05-11T02:28:56Z DEBUG duration: 2 seconds
273. 2017-05-11T02:28:56Z DEBUG [3/47]: updating configuration in dse.ldif
274. 2017-05-11T02:28:56Z DEBUG Starting external process
275. 2017-05-11T02:28:56Z DEBUG args=/bin/systemctl stop dirsrv@RDLG-NET.service
276. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
277. 2017-05-11T02:28:57Z DEBUG stdout=
278. 2017-05-11T02:28:57Z DEBUG stderr=
279. 2017-05-11T02:28:57Z DEBUG duration: 1 seconds
280. 2017-05-11T02:28:57Z DEBUG [4/47]: restarting directory server
281. 2017-05-11T02:28:57Z DEBUG Starting external process
282. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl --system daemon-reload
283. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
284. 2017-05-11T02:28:57Z DEBUG stdout=
285. 2017-05-11T02:28:57Z DEBUG stderr=
286. 2017-05-11T02:28:57Z DEBUG Starting external process
287. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
288. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
289. 2017-05-11T02:28:57Z DEBUG stdout=
290. 2017-05-11T02:28:57Z DEBUG stderr=
291. 2017-05-11T02:28:57Z DEBUG Starting external process
292. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
293. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
294. 2017-05-11T02:28:57Z DEBUG stdout=active
295.  
296. 2017-05-11T02:28:57Z DEBUG stderr=
297. 2017-05-11T02:28:57Z DEBUG wait_for_open_ports: localhost [389] timeout 300
298. 2017-05-11T02:28:57Z DEBUG Starting external process
299. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
300. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
301. 2017-05-11T02:28:57Z DEBUG stdout=active
302.  
303. 2017-05-11T02:28:57Z DEBUG stderr=
304. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
305. 2017-05-11T02:28:57Z DEBUG [5/47]: adding default schema
306. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
307. 2017-05-11T02:28:57Z DEBUG [6/47]: enabling memberof plugin
308. 2017-05-11T02:28:57Z DEBUG Starting external process
309. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/memberof-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpKgPX2M
310. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
311. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-pluginenabled:
312. on
313. add memberofgroupattr:
314. memberUser
315. add memberofgroupattr:
316. memberHost
317. modifying entry "cn=MemberOf Plugin,cn=plugins,cn=config"
318. modify complete
319.  
320.  
321. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
322.  
323. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
324. 2017-05-11T02:28:57Z DEBUG [7/47]: enabling winsync plugin
325. 2017-05-11T02:28:57Z DEBUG Starting external process
326. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-winsync-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpF3BdZ4
327. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
328. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
329. top
330. nsSlapdPlugin
331. extensibleObject
332. add cn:
333. ipa-winsync
334. add nsslapd-pluginpath:
335. libipa_winsync
336. add nsslapd-plugininitfunc:
337. ipa_winsync_plugin_init
338. add nsslapd-pluginDescription:
339. Allows IPA to work with the DS windows sync feature
340. add nsslapd-pluginid:
341. ipa-winsync
342. add nsslapd-pluginversion:
343. 1.0
344. add nsslapd-pluginvendor:
345. Red Hat
346. add nsslapd-plugintype:
347. preoperation
348. add nsslapd-pluginenabled:
349. on
350. add nsslapd-plugin-depends-on-type:
351. database
352. add ipaWinSyncRealmFilter:
353. (objectclass=krbRealmContainer)
354. add ipaWinSyncRealmAttr:
355. cn
356. add ipaWinSyncNewEntryFilter:
357. (cn=ipaConfig)
358. add ipaWinSyncNewUserOCAttr:
359. ipauserobjectclasses
360. add ipaWinSyncUserFlatten:
361. true
362. add ipaWinsyncHomeDirAttr:
363. ipaHomesRootDir
364. add ipaWinsyncLoginShellAttr:
365. ipaDefaultLoginShell
366. add ipaWinSyncDefaultGroupAttr:
367. ipaDefaultPrimaryGroup
368. add ipaWinSyncDefaultGroupFilter:
369. (gidNumber=*)(objectclass=posixGroup)(objectclass=groupOfNames)
370. add ipaWinSyncAcctDisable:
371. both
372. add ipaWinSyncForceSync:
373. true
374. add ipaWinSyncUserAttr:
375. uidNumber -1
376. gidNumber -1
377. adding new entry "cn=ipa-winsync,cn=plugins,cn=config"
378. modify complete
379.  
380.  
381. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
382.  
383. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
384. 2017-05-11T02:28:57Z DEBUG [8/47]: configuring replication version plugin
385. 2017-05-11T02:28:57Z DEBUG Starting external process
386. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/version-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpqxOMrO
387. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
388. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
389. top
390. nsSlapdPlugin
391. extensibleObject
392. add cn:
393. IPA Version Replication
394. add nsslapd-pluginpath:
395. libipa_repl_version
396. add nsslapd-plugininitfunc:
397. repl_version_plugin_init
398. add nsslapd-plugintype:
399. preoperation
400. add nsslapd-pluginenabled:
401. off
402. add nsslapd-pluginid:
403. ipa_repl_version
404. add nsslapd-pluginversion:
405. 1.0
406. add nsslapd-pluginvendor:
407. Red Hat, Inc.
408. add nsslapd-plugindescription:
409. IPA Replication version plugin
410. add nsslapd-plugin-depends-on-type:
411. database
412. add nsslapd-plugin-depends-on-named:
413. Multimaster Replication Plugin
414. adding new entry "cn=IPA Version Replication,cn=plugins,cn=config"
415. modify complete
416.  
417.  
418. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
419.  
420. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
421. 2017-05-11T02:28:57Z DEBUG [9/47]: enabling IPA enrollment plugin
422. 2017-05-11T02:28:57Z DEBUG Starting external process
423. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp09vPNA -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpErHyRi
424. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
425. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
426. top
427. nsSlapdPlugin
428. extensibleObject
429. add cn:
430. ipa_enrollment_extop
431. add nsslapd-pluginpath:
432. libipa_enrollment_extop
433. add nsslapd-plugininitfunc:
434. ipaenrollment_init
435. add nsslapd-plugintype:
436. extendedop
437. add nsslapd-pluginenabled:
438. on
439. add nsslapd-pluginid:
440. ipa_enrollment_extop
441. add nsslapd-pluginversion:
442. 1.0
443. add nsslapd-pluginvendor:
444. RedHat
445. add nsslapd-plugindescription:
446. Enroll hosts into the IPA domain
447. add nsslapd-plugin-depends-on-type:
448. database
449. add nsslapd-realmTree:
450. dc=rdlg,dc=net
451. adding new entry "cn=ipa_enrollment_extop,cn=plugins,cn=config"
452. modify complete
453.  
454.  
455. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
456.  
457. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
458. 2017-05-11T02:28:57Z DEBUG [10/47]: enabling ldapi
459. 2017-05-11T02:28:57Z DEBUG Starting external process
460. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpSGtAJI -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp2x05Y4
461. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
462. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-ldapilisten:
463. on
464. modifying entry "cn=config"
465. modify complete
466.  
467.  
468. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
469.  
470. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
471. 2017-05-11T02:28:57Z DEBUG [11/47]: configuring uniqueness plugin
472. 2017-05-11T02:28:57Z DEBUG Starting external process
473. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpsHfFGc -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpW0Bzu0
474. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
475. 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
476. top
477. nsSlapdPlugin
478. extensibleObject
479. add cn:
480. krbPrincipalName uniqueness
481. add nsslapd-pluginPath:
482. libattr-unique-plugin
483. add nsslapd-pluginInitfunc:
484. NSUniqueAttr_Init
485. add nsslapd-pluginType:
486. preoperation
487. add nsslapd-pluginEnabled:
488. on
489. add uniqueness-attribute-name:
490. krbPrincipalName
491. add nsslapd-plugin-depends-on-type:
492. database
493. add nsslapd-pluginId:
494. NSUniqueAttr
495. add nsslapd-pluginVersion:
496. 1.1.0
497. add nsslapd-pluginVendor:
498. Fedora Project
499. add nsslapd-pluginDescription:
500. Enforce unique attribute values
501. add uniqueness-subtrees:
502. dc=rdlg,dc=net
503. add uniqueness-exclude-subtrees:
504. cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net
505. add uniqueness-across-all-subtrees:
506. on
507. adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config"
508. modify complete
509.  
510. add objectClass:
511. top
512. nsSlapdPlugin
513. extensibleObject
514. add cn:
515. krbCanonicalName uniqueness
516. add nsslapd-pluginPath:
517. libattr-unique-plugin
518. add nsslapd-pluginInitfunc:
519. NSUniqueAttr_Init
520. add nsslapd-pluginType:
521. preoperation
522. add nsslapd-pluginEnabled:
523. on
524. add uniqueness-attribute-name:
525. krbCanonicalName
526. add nsslapd-plugin-depends-on-type:
527. database
528. add nsslapd-pluginId:
529. NSUniqueAttr
530. add nsslapd-pluginVersion:
531. 1.1.0
532. add nsslapd-pluginVendor:
533. Fedora Project
534. add nsslapd-pluginDescription:
535. Enforce unique attribute values
536. add uniqueness-subtrees:
537. dc=rdlg,dc=net
538. add uniqueness-exclude-subtrees:
539. cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net
540. add uniqueness-across-all-subtrees:
541. on
542. adding new entry "cn=krbCanonicalName uniqueness,cn=plugins,cn=config"
543. modify complete
544.  
545. add objectClass:
546. top
547. nsSlapdPlugin
548. extensibleObject
549. add cn:
550. netgroup uniqueness
551. add nsslapd-pluginPath:
552. libattr-unique-plugin
553. add nsslapd-pluginInitfunc:
554. NSUniqueAttr_Init
555. add nsslapd-pluginType:
556. preoperation
557. add nsslapd-pluginEnabled:
558. on
559. add uniqueness-attribute-name:
560. cn
561. add uniqueness-subtrees:
562. cn=ng,cn=alt,dc=rdlg,dc=net
563. add nsslapd-plugin-depends-on-type:
564. database
565. add nsslapd-pluginId:
566. NSUniqueAttr
567. add nsslapd-pluginVersion:
568. 1.1.0
569. add nsslapd-pluginVendor:
570. Fedora Project
571. add nsslapd-pluginDescription:
572. Enforce unique attribute values
573. adding new entry "cn=netgroup uniqueness,cn=plugins,cn=config"
574. modify complete
575.  
576. add objectClass:
577. top
578. nsSlapdPlugin
579. extensibleObject
580. add cn:
581. ipaUniqueID uniqueness
582. add nsslapd-pluginPath:
583. libattr-unique-plugin
584. add nsslapd-pluginInitfunc:
585. NSUniqueAttr_Init
586. add nsslapd-pluginType:
587. preoperation
588. add nsslapd-pluginEnabled:
589. on
590. add uniqueness-attribute-name:
591. ipaUniqueID
592. add nsslapd-plugin-depends-on-type:
593. database
594. add nsslapd-pluginId:
595. NSUniqueAttr
596. add nsslapd-pluginVersion:
597. 1.1.0
598. add nsslapd-pluginVendor:
599. Fedora Project
600. add nsslapd-pluginDescription:
601. Enforce unique attribute values
602. add uniqueness-subtrees:
603. dc=rdlg,dc=net
604. add uniqueness-exclude-subtrees:
605. cn=staged users,cn=accounts,cn=provisioning,dc=rdlg,dc=net
606. add uniqueness-across-all-subtrees:
607. on
608. adding new entry "cn=ipaUniqueID uniqueness,cn=plugins,cn=config"
609. modify complete
610.  
611. add objectClass:
612. top
613. nsSlapdPlugin
614. extensibleObject
615. add cn:
616. sudorule name uniqueness
617. add nsslapd-pluginDescription:
618. Enforce unique attribute values
619. add nsslapd-pluginPath:
620. libattr-unique-plugin
621. add nsslapd-pluginInitfunc:
622. NSUniqueAttr_Init
623. add nsslapd-pluginType:
624. preoperation
625. add nsslapd-pluginEnabled:
626. on
627. add uniqueness-attribute-name:
628. cn
629. add uniqueness-subtrees:
630. cn=sudorules,cn=sudo,dc=rdlg,dc=net
631. add nsslapd-plugin-depends-on-type:
632. database
633. add nsslapd-pluginId:
634. NSUniqueAttr
635. add nsslapd-pluginVersion:
636. 1.1.0
637. add nsslapd-pluginVendor:
638. Fedora Project
639. adding new entry "cn=sudorule name uniqueness,cn=plugins,cn=config"
640. modify complete
641.  
642.  
643. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
644.  
645. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
646. 2017-05-11T02:28:57Z DEBUG [12/47]: configuring uuid plugin
647. 2017-05-11T02:28:57Z DEBUG Starting external process
648. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/uuid-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpL6kr5k
649. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
650. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
651. top
652. nsSlapdPlugin
653. extensibleObject
654. add cn:
655. IPA UUID
656. add nsslapd-pluginpath:
657. libipa_uuid
658. add nsslapd-plugininitfunc:
659. ipauuid_init
660. add nsslapd-plugintype:
661. preoperation
662. add nsslapd-pluginenabled:
663. on
664. add nsslapd-pluginid:
665. ipauuid_version
666. add nsslapd-pluginversion:
667. 1.0
668. add nsslapd-pluginvendor:
669. Red Hat, Inc.
670. add nsslapd-plugindescription:
671. IPA UUID plugin
672. add nsslapd-plugin-depends-on-type:
673. database
674. adding new entry "cn=IPA UUID,cn=plugins,cn=config"
675. modify complete
676.  
677.  
678. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
679.  
680. 2017-05-11T02:28:57Z DEBUG Starting external process
681. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp14Pbo1 -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp7aYOtv
682. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
683. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
684. top
685. extensibleObject
686. add cn:
687. IPA Unique IDs
688. add ipaUuidAttr:
689. ipaUniqueID
690. add ipaUuidMagicRegen:
691. autogenerate
692. add ipaUuidFilter:
693. (|(objectclass=ipaObject)(objectclass=ipaAssociation))
694. add ipaUuidScope:
695. dc=rdlg,dc=net
696. add ipaUuidEnforce:
697. TRUE
698. adding new entry "cn=IPA Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
699. modify complete
700.  
701. add objectclass:
702. top
703. extensibleObject
704. add cn:
705. IPK11 Unique IDs
706. add ipaUuidAttr:
707. ipk11UniqueID
708. add ipaUuidMagicRegen:
709. autogenerate
710. add ipaUuidFilter:
711. (objectclass=ipk11Object)
712. add ipaUuidScope:
713. dc=rdlg,dc=net
714. add ipaUuidEnforce:
715. FALSE
716. adding new entry "cn=IPK11 Unique IDs,cn=IPA UUID,cn=plugins,cn=config"
717. modify complete
718.  
719.  
720. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
721.  
722. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
723. 2017-05-11T02:28:57Z DEBUG [13/47]: configuring modrdn plugin
724. 2017-05-11T02:28:57Z DEBUG Starting external process
725. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/modrdn-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp36QY6G
726. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
727. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
728. top
729. nsSlapdPlugin
730. extensibleObject
731. add cn:
732. IPA MODRDN
733. add nsslapd-pluginpath:
734. libipa_modrdn
735. add nsslapd-plugininitfunc:
736. ipamodrdn_init
737. add nsslapd-plugintype:
738. betxnpostoperation
739. add nsslapd-pluginenabled:
740. on
741. add nsslapd-pluginid:
742. ipamodrdn_version
743. add nsslapd-pluginversion:
744. 1.0
745. add nsslapd-pluginvendor:
746. Red Hat, Inc.
747. add nsslapd-plugindescription:
748. IPA MODRDN plugin
749. add nsslapd-plugin-depends-on-type:
750. database
751. add nsslapd-pluginPrecedence:
752. 60
753. adding new entry "cn=IPA MODRDN,cn=plugins,cn=config"
754. modify complete
755.  
756.  
757. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
758.  
759. 2017-05-11T02:28:57Z DEBUG Starting external process
760. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp6u9s0U -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpr8Hixk
761. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
762. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
763. top
764. extensibleObject
765. add cn:
766. Kerberos Principal Name
767. add ipaModRDNsourceAttr:
768. uid
769. add ipaModRDNtargetAttr:
770. krbPrincipalName
771. add ipaModRDNsuffix:
772. @RDLG.NET
773. add ipaModRDNfilter:
774. (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
775. add ipaModRDNscope:
776. dc=rdlg,dc=net
777. adding new entry "cn=Kerberos Principal Name,cn=IPA MODRDN,cn=plugins,cn=config"
778. modify complete
779.  
780. add objectclass:
781. top
782. extensibleObject
783. add cn:
784. Kerberos Canonical Name
785. add ipaModRDNsourceAttr:
786. uid
787. add ipaModRDNtargetAttr:
788. krbCanonicalName
789. add ipaModRDNsuffix:
790. @RDLG.NET
791. add ipaModRDNfilter:
792. (&(objectclass=posixaccount)(objectclass=krbPrincipalAux))
793. add ipaModRDNscope:
794. dc=rdlg,dc=net
795. adding new entry "cn=Kerberos Canonical Name,cn=IPA MODRDN,cn=plugins,cn=config"
796. modify complete
797.  
798.  
799. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
800.  
801. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
802. 2017-05-11T02:28:57Z DEBUG [14/47]: configuring DNS plugin
803. 2017-05-11T02:28:57Z DEBUG Starting external process
804. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/ipa-dns-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpgHSP8_
805. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
806. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
807. top
808. nsslapdPlugin
809. extensibleObject
810. add cn:
811. IPA DNS
812. add nsslapd-plugindescription:
813. IPA DNS support plugin
814. add nsslapd-pluginenabled:
815. on
816. add nsslapd-pluginid:
817. ipa_dns
818. add nsslapd-plugininitfunc:
819. ipadns_init
820. add nsslapd-pluginpath:
821. libipa_dns.so
822. add nsslapd-plugintype:
823. preoperation
824. add nsslapd-pluginvendor:
825. Red Hat, Inc.
826. add nsslapd-pluginversion:
827. 1.0
828. add nsslapd-plugin-depends-on-type:
829. database
830. adding new entry "cn=IPA DNS,cn=plugins,cn=config"
831. modify complete
832.  
833.  
834. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
835.  
836. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
837. 2017-05-11T02:28:57Z DEBUG [15/47]: enabling entryUSN plugin
838. 2017-05-11T02:28:57Z DEBUG Starting external process
839. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/entryusn.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp7MjKP0
840. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
841. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-entryusn-global:
842. on
843. modifying entry "cn=config"
844. modify complete
845.  
846. replace nsslapd-entryusn-import-initval:
847. next
848. modifying entry "cn=config"
849. modify complete
850.  
851. replace nsslapd-pluginenabled:
852. on
853. modifying entry "cn=USN,cn=plugins,cn=config"
854. modify complete
855.  
856.  
857. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
858.  
859. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
860. 2017-05-11T02:28:57Z DEBUG [16/47]: configuring lockout plugin
861. 2017-05-11T02:28:57Z DEBUG Starting external process
862. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/lockout-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmptvr5Cq
863. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
864. 2017-05-11T02:28:57Z DEBUG stdout=add objectclass:
865. top
866. nsSlapdPlugin
867. extensibleObject
868. add cn:
869. IPA Lockout
870. add nsslapd-pluginpath:
871. libipa_lockout
872. add nsslapd-plugininitfunc:
873. ipalockout_init
874. add nsslapd-plugintype:
875. object
876. add nsslapd-pluginenabled:
877. on
878. add nsslapd-pluginid:
879. ipalockout_version
880. add nsslapd-pluginversion:
881. 1.0
882. add nsslapd-pluginvendor:
883. Red Hat, Inc.
884. add nsslapd-plugindescription:
885. IPA Lockout plugin
886. add nsslapd-plugin-depends-on-type:
887. database
888. adding new entry "cn=IPA Lockout,cn=plugins,cn=config"
889. modify complete
890.  
891.  
892. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
893.  
894. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
895. 2017-05-11T02:28:57Z DEBUG [17/47]: configuring topology plugin
896. 2017-05-11T02:28:57Z DEBUG Starting external process
897. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpy6J5zd -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmphMR5dA
898. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
899. 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
900. top
901. nsSlapdPlugin
902. extensibleObject
903. add cn:
904. IPA Topology Configuration
905. add nsslapd-pluginPath:
906. libtopology
907. add nsslapd-pluginInitfunc:
908. ipa_topo_init
909. add nsslapd-pluginType:
910. object
911. add nsslapd-pluginEnabled:
912. on
913. add nsslapd-topo-plugin-shared-config-base:
914. cn=ipa,cn=etc,dc=rdlg,dc=net
915. add nsslapd-topo-plugin-shared-replica-root:
916. dc=rdlg,dc=net
917. o=ipaca
918. add nsslapd-topo-plugin-shared-binddngroup:
919. cn=replication managers,cn=sysaccounts,cn=etc,dc=rdlg,dc=net
920. add nsslapd-topo-plugin-startup-delay:
921. 20
922. add nsslapd-pluginId:
923. none
924. add nsslapd-plugin-depends-on-named:
925. ldbm database
926. Multimaster Replication Plugin
927. add nsslapd-pluginVersion:
928. 1.0
929. add nsslapd-pluginVendor:
930. none
931. add nsslapd-pluginDescription:
932. none
933. adding new entry "cn=IPA Topology Configuration,cn=plugins,cn=config"
934. modify complete
935.  
936.  
937. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
938.  
939. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
940. 2017-05-11T02:28:57Z DEBUG [18/47]: creating indices
941. 2017-05-11T02:28:57Z DEBUG Starting external process
942. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/indices.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmplvya6u
943. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
944. 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
945. top
946. nsIndex
947. add cn:
948. krbPrincipalName
949. add nsSystemIndex:
950. false
951. add nsIndexType:
952. eq
953. sub
954. add nsMatchingRule:
955. caseIgnoreIA5Match
956. caseExactIA5Match
957. adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
958. modify complete
959.  
960. add objectClass:
961. top
962. nsIndex
963. add cn:
964. ou
965. add nsSystemIndex:
966. false
967. add nsIndexType:
968. eq
969. sub
970. adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
971. modify complete
972.  
973. add objectClass:
974. top
975. nsIndex
976. add cn:
977. carLicense
978. add nsSystemIndex:
979. false
980. add nsIndexType:
981. eq
982. sub
983. adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
984. modify complete
985.  
986. add objectClass:
987. top
988. nsIndex
989. add cn:
990. title
991. add nsSystemIndex:
992. false
993. add nsIndexType:
994. eq
995. sub
996. adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
997. modify complete
998.  
999. add objectClass:
1000. top
1001. nsIndex
1002. add cn:
1003. manager
1004. add nsSystemIndex:
1005. false
1006. add nsIndexType:
1007. eq
1008. pres
1009. sub
1010. adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1011. modify complete
1012.  
1013. add objectClass:
1014. top
1015. nsIndex
1016. add cn:
1017. secretary
1018. add nsSystemIndex:
1019. false
1020. add nsIndexType:
1021. eq
1022. pres
1023. sub
1024. adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1025. modify complete
1026.  
1027. add objectClass:
1028. top
1029. nsIndex
1030. add cn:
1031. displayname
1032. add nsSystemIndex:
1033. false
1034. add nsIndexType:
1035. eq
1036. sub
1037. adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1038. modify complete
1039.  
1040. add nsIndexType:
1041. sub
1042. modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1043. modify complete
1044.  
1045. add objectClass:
1046. top
1047. nsIndex
1048. add cn:
1049. uidnumber
1050. add nsSystemIndex:
1051. false
1052. add nsIndexType:
1053. eq
1054. add nsMatchingRule:
1055. integerOrderingMatch
1056. adding new entry "cn=uidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1057. modify complete
1058.  
1059. add objectClass:
1060. top
1061. nsIndex
1062. add cn:
1063. gidnumber
1064. add nsSystemIndex:
1065. false
1066. add nsIndexType:
1067. eq
1068. add nsMatchingRule:
1069. integerOrderingMatch
1070. adding new entry "cn=gidnumber,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1071. modify complete
1072.  
1073. replace nsIndexType:
1074. eq
1075. pres
1076. modifying entry "cn=ntUniqueId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1077. modify complete
1078.  
1079. replace nsIndexType:
1080. eq
1081. pres
1082. modifying entry "cn=ntUserDomainId,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1083. modify complete
1084.  
1085. add ObjectClass:
1086. top
1087. nsIndex
1088. add cn:
1089. fqdn
1090. add nsSystemIndex:
1091. false
1092. add nsIndexType:
1093. eq
1094. pres
1095. adding new entry "cn=fqdn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1096. modify complete
1097.  
1098. add ObjectClass:
1099. top
1100. nsIndex
1101. add cn:
1102. macAddress
1103. add nsSystemIndex:
1104. false
1105. add nsIndexType:
1106. eq
1107. pres
1108. adding new entry "cn=macAddress,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1109. modify complete
1110.  
1111. add cn:
1112. memberHost
1113. add ObjectClass:
1114. top
1115. nsIndex
1116. add nsSystemIndex:
1117. false
1118. add nsIndexType:
1119. eq
1120. pres
1121. sub
1122. adding new entry "cn=memberHost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1123. modify complete
1124.  
1125. add cn:
1126. memberUser
1127. add ObjectClass:
1128. top
1129. nsIndex
1130. add nsSystemIndex:
1131. false
1132. add nsIndexType:
1133. eq
1134. pres
1135. sub
1136. adding new entry "cn=memberUser,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1137. modify complete
1138.  
1139. add cn:
1140. sourcehost
1141. add ObjectClass:
1142. top
1143. nsIndex
1144. add nsSystemIndex:
1145. false
1146. add nsIndexType:
1147. eq
1148. pres
1149. sub
1150. adding new entry "cn=sourcehost,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1151. modify complete
1152.  
1153. add cn:
1154. memberservice
1155. add ObjectClass:
1156. top
1157. nsIndex
1158. add nsSystemIndex:
1159. false
1160. add nsIndexType:
1161. eq
1162. pres
1163. sub
1164. adding new entry "cn=memberservice,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1165. modify complete
1166.  
1167. add cn:
1168. managedby
1169. add ObjectClass:
1170. top
1171. nsIndex
1172. add nsSystemIndex:
1173. false
1174. add nsIndexType:
1175. eq
1176. pres
1177. sub
1178. adding new entry "cn=managedby,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1179. modify complete
1180.  
1181. add cn:
1182. memberallowcmd
1183. add ObjectClass:
1184. top
1185. nsIndex
1186. add nsSystemIndex:
1187. false
1188. add nsIndexType:
1189. eq
1190. pres
1191. sub
1192. adding new entry "cn=memberallowcmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1193. modify complete
1194.  
1195. add cn:
1196. memberdenycmd
1197. add ObjectClass:
1198. top
1199. nsIndex
1200. add nsSystemIndex:
1201. false
1202. add nsIndexType:
1203. eq
1204. pres
1205. sub
1206. adding new entry "cn=memberdenycmd,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1207. modify complete
1208.  
1209. add cn:
1210. ipasudorunas
1211. add ObjectClass:
1212. top
1213. nsIndex
1214. add nsSystemIndex:
1215. false
1216. add nsIndexType:
1217. eq
1218. pres
1219. sub
1220. adding new entry "cn=ipasudorunas,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1221. modify complete
1222.  
1223. add cn:
1224. ipasudorunasgroup
1225. add ObjectClass:
1226. top
1227. nsIndex
1228. add nsSystemIndex:
1229. false
1230. add nsIndexType:
1231. eq
1232. pres
1233. sub
1234. adding new entry "cn=ipasudorunasgroup,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1235. modify complete
1236.  
1237. add cn:
1238. automountkey
1239. add ObjectClass:
1240. top
1241. nsIndex
1242. add nsSystemIndex:
1243. false
1244. add nsIndexType:
1245. eq
1246. adding new entry "cn=automountkey,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1247. modify complete
1248.  
1249. add cn:
1250. ipakrbprincipalalias
1251. add ObjectClass:
1252. top
1253. nsIndex
1254. add nsSystemIndex:
1255. false
1256. add nsIndexType:
1257. eq
1258. adding new entry "cn=ipakrbprincipalalias,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1259. modify complete
1260.  
1261. add cn:
1262. ipauniqueid
1263. add ObjectClass:
1264. top
1265. nsIndex
1266. add nsSystemIndex:
1267. false
1268. add nsIndexType:
1269. eq
1270. adding new entry "cn=ipauniqueid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1271. modify complete
1272.  
1273. add cn:
1274. ipaMemberCa
1275. add ObjectClass:
1276. top
1277. nsIndex
1278. add nsSystemIndex:
1279. false
1280. add nsIndexType:
1281. eq
1282. pres
1283. sub
1284. adding new entry "cn=ipaMemberCa,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1285. modify complete
1286.  
1287. add cn:
1288. ipaMemberCertProfile
1289. add ObjectClass:
1290. top
1291. nsIndex
1292. add nsSystemIndex:
1293. false
1294. add nsIndexType:
1295. eq
1296. pres
1297. sub
1298. adding new entry "cn=ipaMemberCertProfile,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1299. modify complete
1300.  
1301. add cn:
1302. userCertificate
1303. add ObjectClass:
1304. top
1305. nsIndex
1306. add nsSystemIndex:
1307. false
1308. add nsIndexType:
1309. eq
1310. pres
1311. adding new entry "cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1312. modify complete
1313.  
1314. add cn:
1315. ipalocation
1316. add ObjectClass:
1317. top
1318. nsIndex
1319. add nsSystemIndex:
1320. false
1321. add nsIndexType:
1322. eq
1323. pres
1324. adding new entry "cn=ipalocation,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1325. modify complete
1326.  
1327. add cn:
1328. krbCanonicalName
1329. add objectClass:
1330. top
1331. nsIndex
1332. add nsSystemIndex:
1333. false
1334. add nsIndexType:
1335. eq
1336. sub
1337. adding new entry "cn=krbCanonicalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
1338. modify complete
1339.  
1340.  
1341. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
1342.  
1343. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
1344. 2017-05-11T02:28:57Z DEBUG [19/47]: enabling referential integrity plugin
1345. 2017-05-11T02:28:57Z DEBUG Starting external process
1346. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/referint-conf.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpsyAn3i
1347. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
1348. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-pluginenabled:
1349. on
1350. modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config"
1351. modify complete
1352.  
1353.  
1354. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
1355.  
1356. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
1357. 2017-05-11T02:28:57Z DEBUG [20/47]: configuring certmap.conf
1358. 2017-05-11T02:28:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
1359. 2017-05-11T02:28:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
1360. 2017-05-11T02:28:57Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
1361. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
1362. 2017-05-11T02:28:57Z DEBUG [21/47]: configure autobind for root
1363. 2017-05-11T02:28:57Z DEBUG Starting external process
1364. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /usr/share/ipa/root-autobind.ldif -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpevzBjs
1365. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
1366. 2017-05-11T02:28:57Z DEBUG stdout=add objectClass:
1367. extensibleObject
1368. top
1369. add cn:
1370. root-autobind
1371. add uidNumber:
1372. 0
1373. add gidNumber:
1374. 0
1375. adding new entry "cn=root-autobind,cn=config"
1376. modify complete
1377.  
1378. replace nsslapd-ldapiautobind:
1379. on
1380. modifying entry "cn=config"
1381. modify complete
1382.  
1383. replace nsslapd-ldapimaptoentries:
1384. on
1385. modifying entry "cn=config"
1386. modify complete
1387.  
1388.  
1389. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
1390.  
1391. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
1392. 2017-05-11T02:28:57Z DEBUG [22/47]: configure new location for managed entries
1393. 2017-05-11T02:28:57Z DEBUG Starting external process
1394. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpTpoIdR -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpQxJNCc
1395. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
1396. 2017-05-11T02:28:57Z DEBUG stdout=add nsslapd-pluginConfigArea:
1397. cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net
1398. modifying entry "cn=Managed Entries,cn=plugins,cn=config"
1399. modify complete
1400.  
1401.  
1402. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
1403.  
1404. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
1405. 2017-05-11T02:28:57Z DEBUG [23/47]: configure dirsrv ccache
1406. 2017-05-11T02:28:57Z DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv'
1407. 2017-05-11T02:28:57Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
1408. 2017-05-11T02:28:57Z DEBUG Starting external process
1409. 2017-05-11T02:28:57Z DEBUG args=/usr/sbin/selinuxenabled
1410. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
1411. 2017-05-11T02:28:57Z DEBUG stdout=
1412. 2017-05-11T02:28:57Z DEBUG stderr=
1413. 2017-05-11T02:28:57Z DEBUG Starting external process
1414. 2017-05-11T02:28:57Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv
1415. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
1416. 2017-05-11T02:28:57Z DEBUG stdout=
1417. 2017-05-11T02:28:57Z DEBUG stderr=
1418. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
1419. 2017-05-11T02:28:57Z DEBUG [24/47]: enabling SASL mapping fallback
1420. 2017-05-11T02:28:57Z DEBUG Starting external process
1421. 2017-05-11T02:28:57Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpJa50kq -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp2pg802
1422. 2017-05-11T02:28:57Z DEBUG Process finished, return code=0
1423. 2017-05-11T02:28:57Z DEBUG stdout=replace nsslapd-sasl-mapping-fallback:
1424. on
1425. modifying entry "cn=config"
1426. modify complete
1427.  
1428.  
1429. 2017-05-11T02:28:57Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
1430.  
1431. 2017-05-11T02:28:57Z DEBUG duration: 0 seconds
1432. 2017-05-11T02:28:57Z DEBUG [25/47]: restarting directory server
1433. 2017-05-11T02:28:57Z DEBUG Starting external process
1434. 2017-05-11T02:28:57Z DEBUG args=/bin/systemctl --system daemon-reload
1435. 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
1436. 2017-05-11T02:28:58Z DEBUG stdout=
1437. 2017-05-11T02:28:58Z DEBUG stderr=
1438. 2017-05-11T02:28:58Z DEBUG Starting external process
1439. 2017-05-11T02:28:58Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
1440. 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
1441. 2017-05-11T02:28:58Z DEBUG stdout=
1442. 2017-05-11T02:28:58Z DEBUG stderr=
1443. 2017-05-11T02:28:58Z DEBUG Starting external process
1444. 2017-05-11T02:28:58Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
1445. 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
1446. 2017-05-11T02:28:58Z DEBUG stdout=active
1447.  
1448. 2017-05-11T02:28:58Z DEBUG stderr=
1449. 2017-05-11T02:28:58Z DEBUG wait_for_open_ports: localhost [389] timeout 300
1450. 2017-05-11T02:28:58Z DEBUG Starting external process
1451. 2017-05-11T02:28:58Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
1452. 2017-05-11T02:28:58Z DEBUG Process finished, return code=0
1453. 2017-05-11T02:28:58Z DEBUG stdout=active
1454.  
1455. 2017-05-11T02:28:58Z DEBUG stderr=
1456. 2017-05-11T02:28:58Z DEBUG duration: 0 seconds
1457. 2017-05-11T02:28:58Z DEBUG [26/47]: adding sasl mappings to the directory
1458. 2017-05-11T02:28:58Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
1459. 2017-05-11T02:28:58Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4d16ea8>
1460. 2017-05-11T02:28:59Z DEBUG duration: 0 seconds
1461. 2017-05-11T02:28:59Z DEBUG [27/47]: adding default layout
1462. 2017-05-11T02:28:59Z DEBUG Starting external process
1463. 2017-05-11T02:28:59Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpBcGnPg -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpGryqyO
1464. 2017-05-11T02:28:59Z DEBUG Process finished, return code=0
1465. 2017-05-11T02:28:59Z DEBUG stdout=add objectClass:
1466. top
1467. nsContainer
1468. add cn:
1469. accounts
1470. adding new entry "cn=accounts,dc=rdlg,dc=net"
1471. modify complete
1472.  
1473. add objectClass:
1474. top
1475. nsContainer
1476. add cn:
1477. users
1478. adding new entry "cn=users,cn=accounts,dc=rdlg,dc=net"
1479. modify complete
1480.  
1481. add objectClass:
1482. top
1483. nsContainer
1484. add cn:
1485. groups
1486. adding new entry "cn=groups,cn=accounts,dc=rdlg,dc=net"
1487. modify complete
1488.  
1489. add objectClass:
1490. top
1491. nsContainer
1492. add cn:
1493. services
1494. adding new entry "cn=services,cn=accounts,dc=rdlg,dc=net"
1495. modify complete
1496.  
1497. add objectClass:
1498. top
1499. nsContainer
1500. add cn:
1501. computers
1502. adding new entry "cn=computers,cn=accounts,dc=rdlg,dc=net"
1503. modify complete
1504.  
1505. add objectClass:
1506. top
1507. nsContainer
1508. add cn:
1509. hostgroups
1510. adding new entry "cn=hostgroups,cn=accounts,dc=rdlg,dc=net"
1511. modify complete
1512.  
1513. add objectClass:
1514. nsContainer
1515. add cn:
1516. alt
1517. adding new entry "cn=alt,dc=rdlg,dc=net"
1518. modify complete
1519.  
1520. add objectClass:
1521. nsContainer
1522. add cn:
1523. ng
1524. adding new entry "cn=ng,cn=alt,dc=rdlg,dc=net"
1525. modify complete
1526.  
1527. add objectClass:
1528. nsContainer
1529. add cn:
1530. automount
1531. adding new entry "cn=automount,dc=rdlg,dc=net"
1532. modify complete
1533.  
1534. add objectClass:
1535. nsContainer
1536. add cn:
1537. default
1538. adding new entry "cn=default,cn=automount,dc=rdlg,dc=net"
1539. modify complete
1540.  
1541. add objectClass:
1542. automountMap
1543. add automountMapName:
1544. auto.master
1545. adding new entry "automountmapname=auto.master,cn=default,cn=automount,dc=rdlg,dc=net"
1546. modify complete
1547.  
1548. add objectClass:
1549. automountMap
1550. add automountMapName:
1551. auto.direct
1552. adding new entry "automountmapname=auto.direct,cn=default,cn=automount,dc=rdlg,dc=net"
1553. modify complete
1554.  
1555. add objectClass:
1556. automount
1557. add automountKey:
1558. /-
1559. add automountInformation:
1560. auto.direct
1561. add description:
1562. /- auto.direct
1563. adding new entry "description=/- auto.direct,automountmapname=auto.master,cn=default,cn=automount,dc=rdlg,dc=net"
1564. modify complete
1565.  
1566. add objectClass:
1567. top
1568. nsContainer
1569. add cn:
1570. hbac
1571. adding new entry "cn=hbac,dc=rdlg,dc=net"
1572. modify complete
1573.  
1574. add objectClass:
1575. top
1576. nsContainer
1577. add cn:
1578. hbacservices
1579. adding new entry "cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1580. modify complete
1581.  
1582. add objectClass:
1583. top
1584. nsContainer
1585. add cn:
1586. hbacservicegroups
1587. adding new entry "cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net"
1588. modify complete
1589.  
1590. add objectClass:
1591. top
1592. nsContainer
1593. add cn:
1594. sudo
1595. adding new entry "cn=sudo,dc=rdlg,dc=net"
1596. modify complete
1597.  
1598. add objectClass:
1599. top
1600. nsContainer
1601. add cn:
1602. sudocmds
1603. adding new entry "cn=sudocmds,cn=sudo,dc=rdlg,dc=net"
1604. modify complete
1605.  
1606. add objectClass:
1607. top
1608. nsContainer
1609. add cn:
1610. sudocmdgroups
1611. adding new entry "cn=sudocmdgroups,cn=sudo,dc=rdlg,dc=net"
1612. modify complete
1613.  
1614. add objectClass:
1615. top
1616. nsContainer
1617. add cn:
1618. sudorules
1619. adding new entry "cn=sudorules,cn=sudo,dc=rdlg,dc=net"
1620. modify complete
1621.  
1622. add objectClass:
1623. nsContainer
1624. top
1625. add cn:
1626. etc
1627. adding new entry "cn=etc,dc=rdlg,dc=net"
1628. modify complete
1629.  
1630. add objectClass:
1631. nsContainer
1632. top
1633. add cn:
1634. locations
1635. adding new entry "cn=locations,cn=etc,dc=rdlg,dc=net"
1636. modify complete
1637.  
1638. add objectClass:
1639. nsContainer
1640. top
1641. add cn:
1642. sysaccounts
1643. adding new entry "cn=sysaccounts,cn=etc,dc=rdlg,dc=net"
1644. modify complete
1645.  
1646. add objectClass:
1647. nsContainer
1648. top
1649. add cn:
1650. ipa
1651. adding new entry "cn=ipa,cn=etc,dc=rdlg,dc=net"
1652. modify complete
1653.  
1654. add objectClass:
1655. nsContainer
1656. top
1657. add cn:
1658. masters
1659. adding new entry "cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net"
1660. modify complete
1661.  
1662. add objectClass:
1663. nsContainer
1664. top
1665. add cn:
1666. replicas
1667. adding new entry "cn=replicas,cn=ipa,cn=etc,dc=rdlg,dc=net"
1668. modify complete
1669.  
1670. add objectClass:
1671. nsContainer
1672. top
1673. add cn:
1674. dna
1675. adding new entry "cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net"
1676. modify complete
1677.  
1678. add objectClass:
1679. nsContainer
1680. top
1681. add cn:
1682. posix-ids
1683. adding new entry "cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net"
1684. modify complete
1685.  
1686. add objectClass:
1687. nsContainer
1688. top
1689. add cn:
1690. ca_renewal
1691. adding new entry "cn=ca_renewal,cn=ipa,cn=etc,dc=rdlg,dc=net"
1692. modify complete
1693.  
1694. add objectClass:
1695. nsContainer
1696. top
1697. add cn:
1698. certificates
1699. adding new entry "cn=certificates,cn=ipa,cn=etc,dc=rdlg,dc=net"
1700. modify complete
1701.  
1702. add objectClass:
1703. nsContainer
1704. top
1705. add cn:
1706. custodia
1707. adding new entry "cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net"
1708. modify complete
1709.  
1710. add objectClass:
1711. nsContainer
1712. top
1713. add cn:
1714. dogtag
1715. adding new entry "cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net"
1716. modify complete
1717.  
1718. add objectClass:
1719. nsContainer
1720. top
1721. add cn:
1722. s4u2proxy
1723. adding new entry "cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
1724. modify complete
1725.  
1726. add objectClass:
1727. ipaKrb5DelegationACL
1728. groupOfPrincipals
1729. top
1730. add cn:
1731. ipa-http-delegation
1732. add memberPrincipal:
1733. HTTP/ipa.rdlg.net@RDLG.NET
1734. add ipaAllowedTarget:
1735. cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net
1736. cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net
1737. adding new entry "cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
1738. modify complete
1739.  
1740. add objectClass:
1741. groupOfPrincipals
1742. top
1743. add cn:
1744. ipa-ldap-delegation-targets
1745. add memberPrincipal:
1746. ldap/ipa.rdlg.net@RDLG.NET
1747. adding new entry "cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
1748. modify complete
1749.  
1750. add objectClass:
1751. groupOfPrincipals
1752. top
1753. add cn:
1754. ipa-cifs-delegation-targets
1755. adding new entry "cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,dc=rdlg,dc=net"
1756. modify complete
1757.  
1758. add objectClass:
1759. top
1760. person
1761. posixaccount
1762. krbprincipalaux
1763. krbticketpolicyaux
1764. inetuser
1765. ipaobject
1766. ipasshuser
1767. add uid:
1768. admin
1769. add krbPrincipalName:
1770. admin@RDLG.NET
1771. add cn:
1772. Administrator
1773. add sn:
1774. Administrator
1775. add uidNumber:
1776. 1085800000
1777. add gidNumber:
1778. 1085800000
1779. add homeDirectory:
1780. /home/admin
1781. add loginShell:
1782. /bin/bash
1783. add gecos:
1784. Administrator
1785. add nsAccountLock:
1786. FALSE
1787. add ipaUniqueID:
1788. autogenerate
1789. adding new entry "uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net"
1790. modify complete
1791.  
1792. add objectClass:
1793. top
1794. groupofnames
1795. posixgroup
1796. ipausergroup
1797. ipaobject
1798. add cn:
1799. admins
1800. add description:
1801. Account administrators group
1802. add gidNumber:
1803. 1085800000
1804. add member:
1805. uid=admin,cn=users,cn=accounts,dc=rdlg,dc=net
1806. add nsAccountLock:
1807. FALSE
1808. add ipaUniqueID:
1809. autogenerate
1810. adding new entry "cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net"
1811. modify complete
1812.  
1813. add objectClass:
1814. top
1815. groupofnames
1816. nestedgroup
1817. ipausergroup
1818. ipaobject
1819. add description:
1820. Default group for all users
1821. add cn:
1822. ipausers
1823. add ipaUniqueID:
1824. autogenerate
1825. adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=rdlg,dc=net"
1826. modify complete
1827.  
1828. add objectClass:
1829. top
1830. groupofnames
1831. posixgroup
1832. ipausergroup
1833. ipaobject
1834. add gidNumber:
1835. 1085800002
1836. add description:
1837. Limited admins who can edit other users
1838. add cn:
1839. editors
1840. add ipaUniqueID:
1841. autogenerate
1842. adding new entry "cn=editors,cn=groups,cn=accounts,dc=rdlg,dc=net"
1843. modify complete
1844.  
1845. add objectClass:
1846. top
1847. groupOfNames
1848. nestedGroup
1849. ipaobject
1850. ipahostgroup
1851. add description:
1852. IPA server hosts
1853. add cn:
1854. ipaservers
1855. add ipaUniqueID:
1856. autogenerate
1857. adding new entry "cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net"
1858. modify complete
1859.  
1860. add objectclass:
1861. ipahbacservice
1862. ipaobject
1863. add cn:
1864. sshd
1865. add description:
1866. sshd
1867. add ipauniqueid:
1868. autogenerate
1869. adding new entry "cn=sshd,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1870. modify complete
1871.  
1872. add objectclass:
1873. ipahbacservice
1874. ipaobject
1875. add cn:
1876. ftp
1877. add description:
1878. ftp
1879. add ipauniqueid:
1880. autogenerate
1881. adding new entry "cn=ftp,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1882. modify complete
1883.  
1884. add objectclass:
1885. ipahbacservice
1886. ipaobject
1887. add cn:
1888. su
1889. add description:
1890. su
1891. add ipauniqueid:
1892. autogenerate
1893. adding new entry "cn=su,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1894. modify complete
1895.  
1896. add objectclass:
1897. ipahbacservice
1898. ipaobject
1899. add cn:
1900. login
1901. add description:
1902. login
1903. add ipauniqueid:
1904. autogenerate
1905. adding new entry "cn=login,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1906. modify complete
1907.  
1908. add objectclass:
1909. ipahbacservice
1910. ipaobject
1911. add cn:
1912. su-l
1913. add description:
1914. su with login shell
1915. add ipauniqueid:
1916. autogenerate
1917. adding new entry "cn=su-l,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1918. modify complete
1919.  
1920. add objectclass:
1921. ipahbacservice
1922. ipaobject
1923. add cn:
1924. sudo
1925. add description:
1926. sudo
1927. add ipauniqueid:
1928. autogenerate
1929. adding new entry "cn=sudo,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1930. modify complete
1931.  
1932. add objectclass:
1933. ipahbacservice
1934. ipaobject
1935. add cn:
1936. sudo-i
1937. add description:
1938. sudo-i
1939. add ipauniqueid:
1940. autogenerate
1941. adding new entry "cn=sudo-i,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1942. modify complete
1943.  
1944. add objectclass:
1945. ipahbacservice
1946. ipaobject
1947. add cn:
1948. gdm
1949. add description:
1950. gdm
1951. add ipauniqueid:
1952. autogenerate
1953. adding new entry "cn=gdm,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1954. modify complete
1955.  
1956. add objectclass:
1957. ipahbacservice
1958. ipaobject
1959. add cn:
1960. gdm-password
1961. add description:
1962. gdm-password
1963. add ipauniqueid:
1964. autogenerate
1965. adding new entry "cn=gdm-password,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1966. modify complete
1967.  
1968. add objectclass:
1969. ipahbacservice
1970. ipaobject
1971. add cn:
1972. kdm
1973. add description:
1974. kdm
1975. add ipauniqueid:
1976. autogenerate
1977. adding new entry "cn=kdm,cn=hbacservices,cn=hbac,dc=rdlg,dc=net"
1978. modify complete
1979.  
1980. add objectClass:
1981. ipaobject
1982. ipahbacservicegroup
1983. nestedGroup
1984. groupOfNames
1985. top
1986. add cn:
1987. Sudo
1988. add ipauniqueid:
1989. autogenerate
1990. add description:
1991. Default group of Sudo related services
1992. add member:
1993. cn=sudo,cn=hbacservices,cn=hbac,dc=rdlg,dc=net
1994. cn=sudo-i,cn=hbacservices,cn=hbac,dc=rdlg,dc=net
1995. adding new entry "cn=Sudo,cn=hbacservicegroups,cn=hbac,dc=rdlg,dc=net"
1996. modify complete
1997.  
1998. add objectClass:
1999. nsContainer
2000. top
2001. ipaGuiConfig
2002. ipaConfigObject
2003. add ipaUserSearchFields:
2004. uid,givenname,sn,telephonenumber,ou,title
2005. add ipaGroupSearchFields:
2006. cn,description
2007. add ipaSearchTimeLimit:
2008. 2
2009. add ipaSearchRecordsLimit:
2010. 100
2011. add ipaHomesRootDir:
2012. /home
2013. add ipaDefaultLoginShell:
2014. /bin/sh
2015. add ipaDefaultPrimaryGroup:
2016. ipausers
2017. add ipaMaxUsernameLength:
2018. 32
2019. add ipaPwdExpAdvNotify:
2020. 4
2021. add ipaGroupObjectClasses:
2022. top
2023. groupofnames
2024. nestedgroup
2025. ipausergroup
2026. ipaobject
2027. add ipaUserObjectClasses:
2028. top
2029. person
2030. organizationalperson
2031. inetorgperson
2032. inetuser
2033. posixaccount
2034. krbprincipalaux
2035. krbticketpolicyaux
2036. ipaobject
2037. ipasshuser
2038. add ipaDefaultEmailDomain:
2039. rdlg.net
2040. add ipaMigrationEnabled:
2041. FALSE
2042. add ipaConfigString:
2043. AllowNThash
2044. add ipaSELinuxUserMapOrder:
2045. guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
2046. add ipaSELinuxUserMapDefault:
2047. unconfined_u:s0-s0:c0.c1023
2048. adding new entry "cn=ipaConfig,cn=etc,dc=rdlg,dc=net"
2049. modify complete
2050.  
2051. add objectclass:
2052. top
2053. nsContainer
2054. add cn:
2055. cosTemplates
2056. adding new entry "cn=cosTemplates,cn=accounts,dc=rdlg,dc=net"
2057. modify complete
2058.  
2059. add description:
2060. Password Policy based on group membership
2061. add objectClass:
2062. top
2063. ldapsubentry
2064. cosSuperDefinition
2065. cosClassicDefinition
2066. add cosTemplateDn:
2067. cn=cosTemplates,cn=accounts,dc=rdlg,dc=net
2068. add cosAttribute:
2069. krbPwdPolicyReference override
2070. add cosSpecifier:
2071. memberOf
2072. adding new entry "cn=Password Policy,cn=accounts,dc=rdlg,dc=net"
2073. modify complete
2074.  
2075. add objectClass:
2076. top
2077. nsContainer
2078. add cn:
2079. selinux
2080. adding new entry "cn=selinux,dc=rdlg,dc=net"
2081. modify complete
2082.  
2083. add objectClass:
2084. top
2085. nsContainer
2086. add cn:
2087. usermap
2088. adding new entry "cn=usermap,cn=selinux,dc=rdlg,dc=net"
2089. modify complete
2090.  
2091. add objectClass:
2092. top
2093. nsContainer
2094. add cn:
2095. ranges
2096. adding new entry "cn=ranges,cn=etc,dc=rdlg,dc=net"
2097. modify complete
2098.  
2099. add objectClass:
2100. top
2101. ipaIDrange
2102. ipaDomainIDRange
2103. add cn:
2104. RDLG.NET_id_range
2105. add ipaBaseID:
2106. 1085800000
2107. add ipaIDRangeSize:
2108. 200000
2109. add ipaRangeType:
2110. ipa-local
2111. adding new entry "cn=RDLG.NET_id_range,cn=ranges,cn=etc,dc=rdlg,dc=net"
2112. modify complete
2113.  
2114. add objectClass:
2115. nsContainer
2116. top
2117. add cn:
2118. ca
2119. adding new entry "cn=ca,dc=rdlg,dc=net"
2120. modify complete
2121.  
2122. add objectClass:
2123. nsContainer
2124. top
2125. add cn:
2126. certprofiles
2127. adding new entry "cn=certprofiles,cn=ca,dc=rdlg,dc=net"
2128. modify complete
2129.  
2130. add objectClass:
2131. nsContainer
2132. top
2133. add cn:
2134. caacls
2135. adding new entry "cn=caacls,cn=ca,dc=rdlg,dc=net"
2136. modify complete
2137.  
2138. add objectClass:
2139. nsContainer
2140. top
2141. add cn:
2142. cas
2143. adding new entry "cn=cas,cn=ca,dc=rdlg,dc=net"
2144. modify complete
2145.  
2146.  
2147. 2017-05-11T02:28:59Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2148.  
2149. 2017-05-11T02:28:59Z DEBUG duration: 0 seconds
2150. 2017-05-11T02:28:59Z DEBUG [28/47]: adding delegation layout
2151. 2017-05-11T02:28:59Z DEBUG Starting external process
2152. 2017-05-11T02:28:59Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcwd9Yk -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp4mvX3j
2153. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2154. 2017-05-11T02:29:00Z DEBUG stdout=add objectClass:
2155. top
2156. nsContainer
2157. add cn:
2158. roles
2159. adding new entry "cn=roles,cn=accounts,dc=rdlg,dc=net"
2160. modify complete
2161.  
2162. add objectClass:
2163. top
2164. nsContainer
2165. add cn:
2166. pbac
2167. adding new entry "cn=pbac,dc=rdlg,dc=net"
2168. modify complete
2169.  
2170. add objectClass:
2171. top
2172. nsContainer
2173. add cn:
2174. privileges
2175. adding new entry "cn=privileges,cn=pbac,dc=rdlg,dc=net"
2176. modify complete
2177.  
2178. add objectClass:
2179. top
2180. nsContainer
2181. add cn:
2182. permissions
2183. adding new entry "cn=permissions,cn=pbac,dc=rdlg,dc=net"
2184. modify complete
2185.  
2186. add objectClass:
2187. top
2188. groupofnames
2189. nestedgroup
2190. add cn:
2191. helpdesk
2192. add description:
2193. Helpdesk
2194. adding new entry "cn=helpdesk,cn=roles,cn=accounts,dc=rdlg,dc=net"
2195. modify complete
2196.  
2197. add objectClass:
2198. top
2199. groupofnames
2200. nestedgroup
2201. add cn:
2202. User Administrators
2203. add description:
2204. User Administrators
2205. adding new entry "cn=User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2206. modify complete
2207.  
2208. add objectClass:
2209. top
2210. groupofnames
2211. nestedgroup
2212. add cn:
2213. Group Administrators
2214. add description:
2215. Group Administrators
2216. adding new entry "cn=Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2217. modify complete
2218.  
2219. add objectClass:
2220. top
2221. groupofnames
2222. nestedgroup
2223. add cn:
2224. Host Administrators
2225. add description:
2226. Host Administrators
2227. adding new entry "cn=Host Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2228. modify complete
2229.  
2230. add objectClass:
2231. top
2232. groupofnames
2233. nestedgroup
2234. add cn:
2235. Host Group Administrators
2236. add description:
2237. Host Group Administrators
2238. adding new entry "cn=Host Group Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2239. modify complete
2240.  
2241. add objectClass:
2242. top
2243. groupofnames
2244. nestedgroup
2245. add cn:
2246. Delegation Administrator
2247. add description:
2248. Role administration
2249. adding new entry "cn=Delegation Administrator,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2250. modify complete
2251.  
2252. add objectClass:
2253. top
2254. groupofnames
2255. nestedgroup
2256. add cn:
2257. DNS Administrators
2258. add description:
2259. DNS Administrators
2260. adding new entry "cn=DNS Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2261. modify complete
2262.  
2263. add objectClass:
2264. top
2265. groupofnames
2266. nestedgroup
2267. add cn:
2268. DNS Servers
2269. add description:
2270. DNS Servers
2271. adding new entry "cn=DNS Servers,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2272. modify complete
2273.  
2274. add objectClass:
2275. top
2276. groupofnames
2277. nestedgroup
2278. add cn:
2279. Service Administrators
2280. add description:
2281. Service Administrators
2282. adding new entry "cn=Service Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2283. modify complete
2284.  
2285. add objectClass:
2286. top
2287. groupofnames
2288. nestedgroup
2289. add cn:
2290. Automount Administrators
2291. add description:
2292. Automount Administrators
2293. adding new entry "cn=Automount Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2294. modify complete
2295.  
2296. add objectClass:
2297. top
2298. groupofnames
2299. nestedgroup
2300. add cn:
2301. Netgroups Administrators
2302. add description:
2303. Netgroups Administrators
2304. adding new entry "cn=Netgroups Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2305. modify complete
2306.  
2307. add objectClass:
2308. top
2309. groupofnames
2310. nestedgroup
2311. add cn:
2312. Certificate Administrators
2313. add description:
2314. Certificate Administrators
2315. adding new entry "cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2316. modify complete
2317.  
2318. add objectClass:
2319. top
2320. groupofnames
2321. nestedgroup
2322. add cn:
2323. Replication Administrators
2324. add description:
2325. Replication Administrators
2326. add member:
2327. cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net
2328. adding new entry "cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2329. modify complete
2330.  
2331. add objectClass:
2332. top
2333. groupofnames
2334. nestedgroup
2335. add cn:
2336. Host Enrollment
2337. add description:
2338. Host Enrollment
2339. adding new entry "cn=Host Enrollment,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2340. modify complete
2341.  
2342. add objectClass:
2343. top
2344. groupofnames
2345. nestedgroup
2346. add cn:
2347. Stage User Administrators
2348. add description:
2349. Stage User Administrators
2350. adding new entry "cn=Stage User Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2351. modify complete
2352.  
2353. add objectClass:
2354. top
2355. groupofnames
2356. nestedgroup
2357. add cn:
2358. Stage User Provisioning
2359. add description:
2360. Stage User Provisioning
2361. adding new entry "cn=Stage User Provisioning,cn=privileges,cn=pbac,dc=rdlg,dc=net"
2362. modify complete
2363.  
2364. add objectClass:
2365. top
2366. groupofnames
2367. ipapermission
2368. add cn:
2369. Add Replication Agreements
2370. add ipapermissiontype:
2371. SYSTEM
2372. add member:
2373. cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2374. adding new entry "cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2375. modify complete
2376.  
2377. add objectClass:
2378. top
2379. groupofnames
2380. ipapermission
2381. add cn:
2382. Modify Replication Agreements
2383. add ipapermissiontype:
2384. SYSTEM
2385. add member:
2386. cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2387. adding new entry "cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2388. modify complete
2389.  
2390. add objectClass:
2391. top
2392. groupofnames
2393. ipapermission
2394. add cn:
2395. Read Replication Agreements
2396. add ipapermissiontype:
2397. SYSTEM
2398. add member:
2399. cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2400. adding new entry "cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2401. modify complete
2402.  
2403. add objectClass:
2404. top
2405. groupofnames
2406. ipapermission
2407. add cn:
2408. Remove Replication Agreements
2409. add ipapermissiontype:
2410. SYSTEM
2411. add member:
2412. cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2413. adding new entry "cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2414. modify complete
2415.  
2416. add objectClass:
2417. top
2418. groupofnames
2419. ipapermission
2420. add cn:
2421. Modify DNA Range
2422. add ipapermissiontype:
2423. SYSTEM
2424. add member:
2425. cn=Replication Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2426. adding new entry "cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2427. modify complete
2428.  
2429. add objectClass:
2430. top
2431. nsContainer
2432. add cn:
2433. virtual operations
2434. adding new entry "cn=virtual operations,cn=etc,dc=rdlg,dc=net"
2435. modify complete
2436.  
2437. add objectClass:
2438. top
2439. groupofnames
2440. ipapermission
2441. add cn:
2442. Retrieve Certificates from the CA
2443. add member:
2444. cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2445. adding new entry "cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2446. modify complete
2447.  
2448. add aci:
2449. (targetattr = "objectclass")(target = "ldap:///cn=retrieve certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Retrieve Certificates from the CA" ; allow (write) groupdn = "ldap:///cn=Retrieve Certificates from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2450. modifying entry "dc=rdlg,dc=net"
2451. modify complete
2452.  
2453. add objectClass:
2454. top
2455. groupofnames
2456. ipapermission
2457. add cn:
2458. Request Certificate
2459. add member:
2460. cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2461. adding new entry "cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2462. modify complete
2463.  
2464. add aci:
2465. (targetattr = "objectclass")(target = "ldap:///cn=request certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificate" ; allow (write) groupdn = "ldap:///cn=Request Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2466. modifying entry "dc=rdlg,dc=net"
2467. modify complete
2468.  
2469. add objectClass:
2470. top
2471. groupofnames
2472. ipapermission
2473. add cn:
2474. Request Certificates from a different host
2475. add member:
2476. cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2477. adding new entry "cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2478. modify complete
2479.  
2480. add aci:
2481. (targetattr = "objectclass")(target = "ldap:///cn=request certificate different host,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Request Certificates from a different host" ; allow (write) groupdn = "ldap:///cn=Request Certificates from a different host,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2482. modifying entry "dc=rdlg,dc=net"
2483. modify complete
2484.  
2485. add objectClass:
2486. top
2487. groupofnames
2488. ipapermission
2489. add cn:
2490. Get Certificates status from the CA
2491. add member:
2492. cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2493. adding new entry "cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2494. modify complete
2495.  
2496. add aci:
2497. (targetattr = "objectclass")(target = "ldap:///cn=certificate status,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Get Certificates status from the CA" ; allow (write) groupdn = "ldap:///cn=Get Certificates status from the CA,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2498. modifying entry "dc=rdlg,dc=net"
2499. modify complete
2500.  
2501. add objectClass:
2502. top
2503. groupofnames
2504. ipapermission
2505. add cn:
2506. Revoke Certificate
2507. add member:
2508. cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2509. adding new entry "cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2510. modify complete
2511.  
2512. add aci:
2513. (targetattr = "objectclass")(target = "ldap:///cn=revoke certificate,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Revoke Certificate"; allow (write) groupdn = "ldap:///cn=Revoke Certificate,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2514. modifying entry "dc=rdlg,dc=net"
2515. modify complete
2516.  
2517. add objectClass:
2518. top
2519. groupofnames
2520. ipapermission
2521. add cn:
2522. Certificate Remove Hold
2523. add member:
2524. cn=Certificate Administrators,cn=privileges,cn=pbac,dc=rdlg,dc=net
2525. adding new entry "cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net"
2526. modify complete
2527.  
2528. add aci:
2529. (targetattr = "objectclass")(target = "ldap:///cn=certificate remove hold,cn=virtual operations,cn=etc,dc=rdlg,dc=net" )(version 3.0 ; acl "permission:Certificate Remove Hold"; allow (write) groupdn = "ldap:///cn=Certificate Remove Hold,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2530. modifying entry "dc=rdlg,dc=net"
2531. modify complete
2532.  
2533.  
2534. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2535.  
2536. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2537. 2017-05-11T02:29:00Z DEBUG [29/47]: creating container for managed entries
2538. 2017-05-11T02:29:00Z DEBUG Starting external process
2539. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpRPkTox -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp9026yu
2540. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2541. 2017-05-11T02:29:00Z DEBUG stdout=add objectClass:
2542. nsContainer
2543. top
2544. add cn:
2545. Managed Entries
2546. adding new entry "cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
2547. modify complete
2548.  
2549. add objectClass:
2550. nsContainer
2551. top
2552. add cn:
2553. Templates
2554. adding new entry "cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
2555. modify complete
2556.  
2557. add objectClass:
2558. nsContainer
2559. top
2560. add cn:
2561. Definitions
2562. adding new entry "cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
2563. modify complete
2564.  
2565.  
2566. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2567.  
2568. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2569. 2017-05-11T02:29:00Z DEBUG [30/47]: configuring user private groups
2570. 2017-05-11T02:29:00Z DEBUG Starting external process
2571. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmprRUrdz -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpHiFznN
2572. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2573. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
2574. mepTemplateEntry
2575. add cn:
2576. UPG Template
2577. add mepRDNAttr:
2578. cn
2579. add mepStaticAttr:
2580. objectclass: posixgroup
2581. objectclass: ipaobject
2582. ipaUniqueId: autogenerate
2583. add mepMappedAttr:
2584. cn: $uid
2585. gidNumber: $uidNumber
2586. description: User private group for $uid
2587. adding new entry "cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
2588. modify complete
2589.  
2590. add objectclass:
2591. extensibleObject
2592. add cn:
2593. UPG Definition
2594. add originScope:
2595. cn=users,cn=accounts,dc=rdlg,dc=net
2596. add originFilter:
2597. (&(objectclass=posixAccount)(!(description=__no_upg__)))
2598. add managedBase:
2599. cn=groups,cn=accounts,dc=rdlg,dc=net
2600. add managedTemplate:
2601. cn=UPG Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net
2602. adding new entry "cn=UPG Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
2603. modify complete
2604.  
2605.  
2606. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2607.  
2608. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2609. 2017-05-11T02:29:00Z DEBUG [31/47]: configuring netgroups from hostgroups
2610. 2017-05-11T02:29:00Z DEBUG Starting external process
2611. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpM1KV9g -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpNcDh6U
2612. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2613. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
2614. mepTemplateEntry
2615. add cn:
2616. NGP HGP Template
2617. add mepRDNAttr:
2618. cn
2619. add mepStaticAttr:
2620. ipaUniqueId: autogenerate
2621. objectclass: ipanisnetgroup
2622. objectclass: ipaobject
2623. nisDomainName: rdlg.net
2624. add mepMappedAttr:
2625. cn: $cn
2626. memberHost: $dn
2627. description: ipaNetgroup $cn
2628. adding new entry "cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
2629. modify complete
2630.  
2631. add objectclass:
2632. extensibleObject
2633. add cn:
2634. NGP Definition
2635. add originScope:
2636. cn=hostgroups,cn=accounts,dc=rdlg,dc=net
2637. add originFilter:
2638. objectclass=ipahostgroup
2639. add managedBase:
2640. cn=ng,cn=alt,dc=rdlg,dc=net
2641. add managedTemplate:
2642. cn=NGP HGP Template,cn=Templates,cn=Managed Entries,cn=etc,dc=rdlg,dc=net
2643. adding new entry "cn=NGP Definition,cn=Definitions,cn=Managed Entries,cn=etc,dc=rdlg,dc=net"
2644. modify complete
2645.  
2646.  
2647. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2648.  
2649. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2650. 2017-05-11T02:29:00Z DEBUG [32/47]: creating default Sudo bind user
2651. 2017-05-11T02:29:00Z DEBUG Starting external process
2652. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpr1dlvx -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpmNC9FF
2653. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2654. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
2655. account
2656. simplesecurityobject
2657. add uid:
2658. sudo
2659. add userPassword:
2660. XXXXXXXX
2661. add passwordExpirationTime:
2662. 20380119031407Z
2663. add nsIdleTimeout:
2664. 0
2665. adding new entry "uid=sudo,cn=sysaccounts,cn=etc,dc=rdlg,dc=net"
2666. modify complete
2667.  
2668.  
2669. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2670.  
2671. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2672. 2017-05-11T02:29:00Z DEBUG [33/47]: creating default Auto Member layout
2673. 2017-05-11T02:29:00Z DEBUG Starting external process
2674. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpGFzo_h -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmplPB7jz
2675. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2676. 2017-05-11T02:29:00Z DEBUG stdout=add nsslapd-pluginConfigArea:
2677. cn=automember,cn=etc,dc=rdlg,dc=net
2678. modifying entry "cn=Auto Membership Plugin,cn=plugins,cn=config"
2679. modify complete
2680.  
2681. add objectClass:
2682. top
2683. nsContainer
2684. add cn:
2685. automember
2686. adding new entry "cn=automember,cn=etc,dc=rdlg,dc=net"
2687. modify complete
2688.  
2689. add objectclass:
2690. autoMemberDefinition
2691. add cn:
2692. Hostgroup
2693. add autoMemberScope:
2694. cn=computers,cn=accounts,dc=rdlg,dc=net
2695. add autoMemberFilter:
2696. objectclass=ipaHost
2697. add autoMemberGroupingAttr:
2698. member:dn
2699. adding new entry "cn=Hostgroup,cn=automember,cn=etc,dc=rdlg,dc=net"
2700. modify complete
2701.  
2702. add objectclass:
2703. autoMemberDefinition
2704. add cn:
2705. Group
2706. add autoMemberScope:
2707. cn=users,cn=accounts,dc=rdlg,dc=net
2708. add autoMemberFilter:
2709. objectclass=posixAccount
2710. add autoMemberGroupingAttr:
2711. member:dn
2712. adding new entry "cn=Group,cn=automember,cn=etc,dc=rdlg,dc=net"
2713. modify complete
2714.  
2715.  
2716. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2717.  
2718. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2719. 2017-05-11T02:29:00Z DEBUG [34/47]: adding range check plugin
2720. 2017-05-11T02:29:00Z DEBUG Starting external process
2721. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp2BYVEM -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpsawBXG
2722. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2723. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
2724. top
2725. nsSlapdPlugin
2726. extensibleObject
2727. add cn:
2728. IPA Range-Check
2729. add nsslapd-pluginpath:
2730. libipa_range_check
2731. add nsslapd-plugininitfunc:
2732. ipa_range_check_init
2733. add nsslapd-plugintype:
2734. preoperation
2735. add nsslapd-pluginenabled:
2736. on
2737. add nsslapd-pluginid:
2738. ipa_range_check_version
2739. add nsslapd-pluginversion:
2740. 1.0
2741. add nsslapd-pluginvendor:
2742. Red Hat, Inc.
2743. add nsslapd-plugindescription:
2744. IPA Range-Check plugin
2745. add nsslapd-plugin-depends-on-type:
2746. database
2747. add nsslapd-basedn:
2748. dc=rdlg,dc=net
2749. adding new entry "cn=IPA Range-Check,cn=plugins,cn=config"
2750. modify complete
2751.  
2752.  
2753. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2754.  
2755. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2756. 2017-05-11T02:29:00Z DEBUG [35/47]: creating default HBAC rule allow_all
2757. 2017-05-11T02:29:00Z DEBUG Starting external process
2758. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpEN3WMi -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp41X3u2
2759. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2760. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
2761. ipaassociation
2762. ipahbacrule
2763. add cn:
2764. allow_all
2765. add accessruletype:
2766. allow
2767. add usercategory:
2768. all
2769. add hostcategory:
2770. all
2771. add servicecategory:
2772. all
2773. add ipaenabledflag:
2774. TRUE
2775. add description:
2776. Allow all users to access any host from any host
2777. add ipauniqueid:
2778. autogenerate
2779. adding new entry "ipauniqueid=autogenerate,cn=hbac,dc=rdlg,dc=net"
2780. modify complete
2781.  
2782.  
2783. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2784.  
2785. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2786. 2017-05-11T02:29:00Z DEBUG [36/47]: adding sasl mappings to the directory
2787. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2788. 2017-05-11T02:29:00Z DEBUG [37/47]: adding entries for topology management
2789. 2017-05-11T02:29:00Z DEBUG Starting external process
2790. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpKv6j0X -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmptjsce1
2791. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2792. 2017-05-11T02:29:00Z DEBUG stdout=add objectclass:
2793. top
2794. nsContainer
2795. add cn:
2796. topology
2797. adding new entry "cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net"
2798. modify complete
2799.  
2800. add objectclass:
2801. top
2802. iparepltopoconf
2803. add ipaReplTopoConfRoot:
2804. dc=rdlg,dc=net
2805. add nsDS5ReplicatedAttributeList:
2806. (objectclass=*) $ EXCLUDE memberof idnssoaserial entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
2807. add nsDS5ReplicatedAttributeListTotal:
2808. (objectclass=*) $ EXCLUDE entryusn krblastsuccessfulauth krblastfailedauth krbloginfailedcount
2809. add nsds5ReplicaStripAttrs:
2810. modifiersName modifyTimestamp internalModifiersName internalModifyTimestamp
2811. add cn:
2812. domain
2813. adding new entry "cn=domain,cn=topology,cn=ipa,cn=etc,dc=rdlg,dc=net"
2814. modify complete
2815.  
2816.  
2817. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2818.  
2819. 2017-05-11T02:29:00Z DEBUG duration: 0 seconds
2820. 2017-05-11T02:29:00Z DEBUG [38/47]: initializing group membership
2821. 2017-05-11T02:29:00Z DEBUG Starting external process
2822. 2017-05-11T02:29:00Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpYkSjyh -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpvOr2_r
2823. 2017-05-11T02:29:00Z DEBUG Process finished, return code=0
2824. 2017-05-11T02:29:00Z DEBUG stdout=add objectClass:
2825. top
2826. extensibleObject
2827. add cn:
2828. IPA install
2829. add basedn:
2830. dc=rdlg,dc=net
2831. add filter:
2832. (objectclass=*)
2833. add ttl:
2834. 10
2835. adding new entry "cn=IPA install 1494469733, cn=memberof task, cn=tasks, cn=config"
2836. modify complete
2837.  
2838.  
2839. 2017-05-11T02:29:00Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2840.  
2841. 2017-05-11T02:29:00Z DEBUG Waiting for memberof task to complete.
2842. 2017-05-11T02:29:01Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
2843. 2017-05-11T02:29:01Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f6d950>
2844. 2017-05-11T02:29:01Z DEBUG duration: 1 seconds
2845. 2017-05-11T02:29:01Z DEBUG [39/47]: adding master entry
2846. 2017-05-11T02:29:01Z DEBUG Starting external process
2847. 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpi89o8U -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmps96QVi
2848. 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
2849. 2017-05-11T02:29:01Z DEBUG stdout=add objectclass:
2850. top
2851. nsContainer
2852. ipaReplTopoManagedServer
2853. ipaConfigObject
2854. ipaSupportedDomainLevelConfig
2855. add cn:
2856. ipa.rdlg.net
2857. add ipaReplTopoManagedSuffix:
2858. dc=rdlg,dc=net
2859. add ipaMinDomainLevel:
2860. 0
2861. add ipaMaxDomainLevel:
2862. 1
2863. adding new entry "cn=ipa.rdlg.net,cn=masters,cn=ipa,cn=etc,dc=rdlg,dc=net"
2864. modify complete
2865.  
2866.  
2867. 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2868.  
2869. 2017-05-11T02:29:01Z DEBUG duration: 0 seconds
2870. 2017-05-11T02:29:01Z DEBUG [40/47]: initializing domain level
2871. 2017-05-11T02:29:01Z DEBUG Starting external process
2872. 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpCg4qWX -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpTT6Qep
2873. 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
2874. 2017-05-11T02:29:01Z DEBUG stdout=add objectClass:
2875. top
2876. nsContainer
2877. ipaDomainLevelConfig
2878. add ipaDomainLevel:
2879. 1
2880. adding new entry "cn=Domain Level,cn=ipa,cn=etc,dc=rdlg,dc=net"
2881. modify complete
2882.  
2883.  
2884. 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2885.  
2886. 2017-05-11T02:29:01Z DEBUG duration: 0 seconds
2887. 2017-05-11T02:29:01Z DEBUG [41/47]: configuring Posix uid/gid generation
2888. 2017-05-11T02:29:01Z DEBUG Starting external process
2889. 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpehxGyr -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp_YSRW_
2890. 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
2891. 2017-05-11T02:29:01Z DEBUG stdout=add objectclass:
2892. top
2893. extensibleObject
2894. add cn:
2895. Posix IDs
2896. add dnaType:
2897. uidNumber
2898. gidNumber
2899. add dnaNextValue:
2900. 1085800000
2901. add dnaMaxValue:
2902. 1085999999
2903. add dnaMagicRegen:
2904. -1
2905. add dnaFilter:
2906. (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ipaIDobject))
2907. add dnaScope:
2908. dc=rdlg,dc=net
2909. add dnaThreshold:
2910. 500
2911. add dnaSharedCfgDN:
2912. cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=rdlg,dc=net
2913. adding new entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
2914. modify complete
2915.  
2916.  
2917. 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2918.  
2919. 2017-05-11T02:29:01Z DEBUG duration: 0 seconds
2920. 2017-05-11T02:29:01Z DEBUG [42/47]: adding replication acis
2921. 2017-05-11T02:29:01Z DEBUG Starting external process
2922. 2017-05-11T02:29:01Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpLa4Yeh -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpw3a1qa
2923. 2017-05-11T02:29:01Z DEBUG Process finished, return code=0
2924. 2017-05-11T02:29:01Z DEBUG stdout=add aci:
2925. (targetattr = "cn || createtimestamp || description || entryusn || modifytimestamp || nsds50ruv || nsds5beginreplicarefresh || nsds5debugreplicatimeout || nsds5flags || nsds5replicaabortcleanruv || nsds5replicaautoreferral || nsds5replicabackoffmax || nsds5replicabackoffmin || nsds5replicabinddn || nsds5replicabindmethod || nsds5replicabusywaittime || nsds5replicachangecount || nsds5replicachangessentsincestartup || nsds5replicacleanruv || nsds5replicacleanruvnotified || nsds5replicacredentials || nsds5replicaenabled || nsds5replicahost || nsds5replicaid || nsds5replicalastinitend || nsds5replicalastinitstart || nsds5replicalastinitstatus || nsds5replicalastupdateend || nsds5replicalastupdatestart || nsds5replicalastupdatestatus || nsds5replicalegacyconsumer || nsds5replicaname || nsds5replicaport || nsds5replicaprotocoltimeout || nsds5replicapurgedelay || nsds5replicareferral || nsds5replicaroot || nsds5replicasessionpausetime || nsds5replicastripattrs || nsds5replicatedattributelist || nsds5replicatedattributelisttotal || nsds5replicatimeout || nsds5replicatombstonepurgeinterval || nsds5replicatransportinfo || nsds5replicatype || nsds5replicaupdateinprogress || nsds5replicaupdateschedule || nsds5task || nsds7directoryreplicasubtree || nsds7dirsynccookie || nsds7newwingroupsyncenabled || nsds7newwinusersyncenabled || nsds7windowsdomain || nsds7windowsreplicasubtree || nsruvreplicalastmodified || nsstate || objectclass || onewaysync || winsyncdirectoryfilter || winsyncinterval || winsyncmoveaction || winsyncsubtreepair || winsyncwindowsfilter")(targetfilter = "(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0;acl "permission:Read Replication Agreements";allow (compare,read,search) groupdn = "ldap:///cn=Read Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2926. modifying entry "cn=mapping tree,cn=config"
2927. modify complete
2928.  
2929. add aci:
2930. (targetattr=*)(version 3.0;acl "permission:Add Replication Agreements";allow (add) groupdn = "ldap:///cn=Add Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2931. modifying entry "cn=mapping tree,cn=config"
2932. modify complete
2933.  
2934. add aci:
2935. (targetattr=*)(targetfilter="(|(objectclass=nsds5Replica)(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement)(objectClass=nsMappingTree))")(version 3.0; acl "permission:Modify Replication Agreements"; allow (read, write, search) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2936. modifying entry "cn=mapping tree,cn=config"
2937. modify complete
2938.  
2939. add aci:
2940. (targetattr=*)(targetfilter="(|(objectclass=nsds5replicationagreement)(objectclass=nsDSWindowsReplicationAgreement))")(version 3.0;acl "permission:Remove Replication Agreements";allow (delete) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2941. modifying entry "cn=mapping tree,cn=config"
2942. modify complete
2943.  
2944. add aci:
2945. (targetattr=dnaNextRange || dnaNextValue || dnaMaxValue)(version 3.0;acl "permission:Modify DNA Range";allow (write) groupdn = "ldap:///cn=Modify DNA Range,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2946. modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
2947. modify complete
2948.  
2949. add aci:
2950. (targetattr=nsslapd-readonly)(version 3.0; acl "Allow marking the database readonly"; allow (write) groupdn = "ldap:///cn=Remove Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2951. modifying entry "cn=userRoot,cn=ldbm database,cn=plugins,cn=config"
2952. modify complete
2953.  
2954. add aci:
2955. (targetattr=*)(version 3.0; acl "Run tasks after replica re-initialization"; allow (add) groupdn = "ldap:///cn=Modify Replication Agreements,cn=permissions,cn=pbac,dc=rdlg,dc=net";)
2956. modifying entry "cn=tasks,cn=config"
2957. modify complete
2958.  
2959.  
2960. 2017-05-11T02:29:01Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
2961.  
2962. 2017-05-11T02:29:01Z DEBUG duration: 0 seconds
2963. 2017-05-11T02:29:01Z DEBUG [43/47]: enabling compatibility plugin
2964. 2017-05-11T02:29:01Z DEBUG importing all plugin modules in ipaserver.plugins...
2965. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.aci
2966. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.automember
2967. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.automount
2968. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.baseldap
2969. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
2970. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.baseuser
2971. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.batch
2972. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.ca
2973. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.caacl
2974. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.cert
2975. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.certprofile
2976. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.config
2977. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.delegation
2978. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.dns
2979. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.dnsserver
2980. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.dogtag
2981. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.domainlevel
2982. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.group
2983. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbac
2984. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
2985. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbacrule
2986. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
2987. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
2988. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hbactest
2989. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.host
2990. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.hostgroup
2991. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.idrange
2992. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.idviews
2993. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.internal
2994. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.join
2995. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
2996. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.ldap2
2997. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.location
2998. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.migration
2999. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.misc
3000. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.netgroup
3001. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.otp
3002. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.otp is not a valid plugin module
3003. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.otpconfig
3004. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.otptoken
3005. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.passwd
3006. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.permission
3007. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.ping
3008. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.pkinit
3009. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
3010. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.privilege
3011. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
3012. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.rabase
3013. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
3014. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
3015. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.realmdomains
3016. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.role
3017. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.schema
3018. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.selfservice
3019. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
3020. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.server
3021. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.serverrole
3022. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.serverroles
3023. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.service
3024. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
3025. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.session
3026. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.stageuser
3027. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudo
3028. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
3029. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudocmd
3030. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
3031. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.sudorule
3032. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.topology
3033. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.trust
3034. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.user
3035. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.vault
3036. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.virtual
3037. 2017-05-11T02:29:01Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
3038. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.plugins.xmlserver
3039. 2017-05-11T02:29:01Z DEBUG importing all plugin modules in ipaserver.install.plugins...
3040. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
3041. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
3042. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.dns
3043. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
3044. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
3045. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
3046. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
3047. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
3048. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
3049. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
3050. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
3051. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
3052. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_services
3053. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
3054. 2017-05-11T02:29:01Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
3055. 2017-05-11T02:29:02Z DEBUG Created connection context.ldap2_89920016
3056. 2017-05-11T02:29:02Z DEBUG Destroyed connection context.ldap2_89920016
3057. 2017-05-11T02:29:02Z DEBUG Created connection context.ldap2_89920016
3058. 2017-05-11T02:29:02Z DEBUG Parsing update file '/usr/share/ipa/schema_compat.uldif'
3059. 2017-05-11T02:29:02Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
3060. 2017-05-11T02:29:02Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x716bcf8>
3061. 2017-05-11T02:29:02Z DEBUG New entry: cn=Schema Compatibility,cn=plugins,cn=config
3062. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3063. 2017-05-11T02:29:02Z DEBUG Initial value
3064. 2017-05-11T02:29:02Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config
3065. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginid:
3066. 2017-05-11T02:29:02Z DEBUG schema-compat-plugin
3067. 2017-05-11T02:29:02Z DEBUG cn:
3068. 2017-05-11T02:29:02Z DEBUG Schema Compatibility
3069. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginbetxn:
3070. 2017-05-11T02:29:02Z DEBUG on
3071. 2017-05-11T02:29:02Z DEBUG objectclass:
3072. 2017-05-11T02:29:02Z DEBUG top
3073. 2017-05-11T02:29:02Z DEBUG nsSlapdPlugin
3074. 2017-05-11T02:29:02Z DEBUG extensibleObject
3075. 2017-05-11T02:29:02Z DEBUG nsslapd-plugindescription:
3076. 2017-05-11T02:29:02Z DEBUG Schema Compatibility Plugin
3077. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginenabled:
3078. 2017-05-11T02:29:02Z DEBUG on
3079. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginpath:
3080. 2017-05-11T02:29:02Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
3081. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginversion:
3082. 2017-05-11T02:29:02Z DEBUG 0.8
3083. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginvendor:
3084. 2017-05-11T02:29:02Z DEBUG redhat.com
3085. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginprecedence:
3086. 2017-05-11T02:29:02Z DEBUG 40
3087. 2017-05-11T02:29:02Z DEBUG nsslapd-plugintype:
3088. 2017-05-11T02:29:02Z DEBUG object
3089. 2017-05-11T02:29:02Z DEBUG nsslapd-plugininitfunc:
3090. 2017-05-11T02:29:02Z DEBUG schema_compat_plugin_init
3091. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3092. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
3093. 2017-05-11T02:29:02Z DEBUG dn: cn=Schema Compatibility,cn=plugins,cn=config
3094. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginid:
3095. 2017-05-11T02:29:02Z DEBUG schema-compat-plugin
3096. 2017-05-11T02:29:02Z DEBUG cn:
3097. 2017-05-11T02:29:02Z DEBUG Schema Compatibility
3098. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginbetxn:
3099. 2017-05-11T02:29:02Z DEBUG on
3100. 2017-05-11T02:29:02Z DEBUG objectclass:
3101. 2017-05-11T02:29:02Z DEBUG top
3102. 2017-05-11T02:29:02Z DEBUG nsSlapdPlugin
3103. 2017-05-11T02:29:02Z DEBUG extensibleObject
3104. 2017-05-11T02:29:02Z DEBUG nsslapd-plugindescription:
3105. 2017-05-11T02:29:02Z DEBUG Schema Compatibility Plugin
3106. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginenabled:
3107. 2017-05-11T02:29:02Z DEBUG on
3108. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginpath:
3109. 2017-05-11T02:29:02Z DEBUG /usr/lib64/dirsrv/plugins/schemacompat-plugin.so
3110. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginversion:
3111. 2017-05-11T02:29:02Z DEBUG 0.8
3112. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginvendor:
3113. 2017-05-11T02:29:02Z DEBUG redhat.com
3114. 2017-05-11T02:29:02Z DEBUG nsslapd-pluginprecedence:
3115. 2017-05-11T02:29:02Z DEBUG 40
3116. 2017-05-11T02:29:02Z DEBUG nsslapd-plugintype:
3117. 2017-05-11T02:29:02Z DEBUG object
3118. 2017-05-11T02:29:02Z DEBUG nsslapd-plugininitfunc:
3119. 2017-05-11T02:29:02Z DEBUG schema_compat_plugin_init
3120. 2017-05-11T02:29:02Z DEBUG New entry: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
3121. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3122. 2017-05-11T02:29:02Z DEBUG Initial value
3123. 2017-05-11T02:29:02Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
3124. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
3125. 2017-05-11T02:29:02Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
3126. 2017-05-11T02:29:02Z DEBUG cn=%{cn}
3127. 2017-05-11T02:29:02Z DEBUG objectclass=posixAccount
3128. 2017-05-11T02:29:02Z DEBUG gidNumber=%{gidNumber}
3129. 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
3130. 2017-05-11T02:29:02Z DEBUG gecos=%{cn}
3131. 2017-05-11T02:29:02Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
3132. 2017-05-11T02:29:02Z DEBUG uidNumber=%{uidNumber}
3133. 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
3134. 2017-05-11T02:29:02Z DEBUG loginShell=%{loginShell}
3135. 2017-05-11T02:29:02Z DEBUG homeDirectory=%{homeDirectory}
3136. 2017-05-11T02:29:02Z DEBUG cn:
3137. 2017-05-11T02:29:02Z DEBUG users
3138. 2017-05-11T02:29:02Z DEBUG objectClass:
3139. 2017-05-11T02:29:02Z DEBUG top
3140. 2017-05-11T02:29:02Z DEBUG extensibleObject
3141. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
3142. 2017-05-11T02:29:02Z DEBUG objectclass=posixAccount
3143. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
3144. 2017-05-11T02:29:02Z DEBUG cn=users
3145. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
3146. 2017-05-11T02:29:02Z DEBUG uid=%{uid}
3147. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
3148. 2017-05-11T02:29:02Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net
3149. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
3150. 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
3151. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3152. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
3153. 2017-05-11T02:29:02Z DEBUG dn: cn=users,cn=Schema Compatibility,cn=plugins,cn=config
3154. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
3155. 2017-05-11T02:29:02Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
3156. 2017-05-11T02:29:02Z DEBUG cn=%{cn}
3157. 2017-05-11T02:29:02Z DEBUG objectclass=posixAccount
3158. 2017-05-11T02:29:02Z DEBUG gidNumber=%{gidNumber}
3159. 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
3160. 2017-05-11T02:29:02Z DEBUG gecos=%{cn}
3161. 2017-05-11T02:29:02Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
3162. 2017-05-11T02:29:02Z DEBUG uidNumber=%{uidNumber}
3163. 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
3164. 2017-05-11T02:29:02Z DEBUG loginShell=%{loginShell}
3165. 2017-05-11T02:29:02Z DEBUG homeDirectory=%{homeDirectory}
3166. 2017-05-11T02:29:02Z DEBUG cn:
3167. 2017-05-11T02:29:02Z DEBUG users
3168. 2017-05-11T02:29:02Z DEBUG objectClass:
3169. 2017-05-11T02:29:02Z DEBUG top
3170. 2017-05-11T02:29:02Z DEBUG extensibleObject
3171. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
3172. 2017-05-11T02:29:02Z DEBUG objectclass=posixAccount
3173. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
3174. 2017-05-11T02:29:02Z DEBUG cn=users
3175. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
3176. 2017-05-11T02:29:02Z DEBUG uid=%{uid}
3177. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
3178. 2017-05-11T02:29:02Z DEBUG cn=users, cn=accounts, dc=rdlg,dc=net
3179. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
3180. 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
3181. 2017-05-11T02:29:02Z DEBUG New entry: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
3182. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3183. 2017-05-11T02:29:02Z DEBUG Initial value
3184. 2017-05-11T02:29:02Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
3185. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
3186. 2017-05-11T02:29:02Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
3187. 2017-05-11T02:29:02Z DEBUG gidNumber=%{gidNumber}
3188. 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
3189. 2017-05-11T02:29:02Z DEBUG memberUid=%deref_r("member","uid")
3190. 2017-05-11T02:29:02Z DEBUG objectclass=posixGroup
3191. 2017-05-11T02:29:02Z DEBUG memberUid=%{memberUid}
3192. 2017-05-11T02:29:02Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
3193. 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
3194. 2017-05-11T02:29:02Z DEBUG cn:
3195. 2017-05-11T02:29:02Z DEBUG groups
3196. 2017-05-11T02:29:02Z DEBUG objectClass:
3197. 2017-05-11T02:29:02Z DEBUG top
3198. 2017-05-11T02:29:02Z DEBUG extensibleObject
3199. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
3200. 2017-05-11T02:29:02Z DEBUG objectclass=posixGroup
3201. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
3202. 2017-05-11T02:29:02Z DEBUG cn=groups
3203. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
3204. 2017-05-11T02:29:02Z DEBUG cn=%{cn}
3205. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
3206. 2017-05-11T02:29:02Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net
3207. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
3208. 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
3209. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3210. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
3211. 2017-05-11T02:29:02Z DEBUG dn: cn=groups,cn=Schema Compatibility,cn=plugins,cn=config
3212. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
3213. 2017-05-11T02:29:02Z DEBUG %ifeq("ipaanchoruuid","%{ipaanchoruuid}","objectclass=ipaOverrideTarget","")
3214. 2017-05-11T02:29:02Z DEBUG gidNumber=%{gidNumber}
3215. 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","ipaanchoruuid=:IPA:rdlg.net:%{ipauniqueid}","")
3216. 2017-05-11T02:29:02Z DEBUG memberUid=%deref_r("member","uid")
3217. 2017-05-11T02:29:02Z DEBUG objectclass=posixGroup
3218. 2017-05-11T02:29:02Z DEBUG memberUid=%{memberUid}
3219. 2017-05-11T02:29:02Z DEBUG ipaanchoruuid=%{ipaanchoruuid}
3220. 2017-05-11T02:29:02Z DEBUG %ifeq("ipauniqueid","%{ipauniqueid}","objectclass=ipaOverrideTarget","")
3221. 2017-05-11T02:29:02Z DEBUG cn:
3222. 2017-05-11T02:29:02Z DEBUG groups
3223. 2017-05-11T02:29:02Z DEBUG objectClass:
3224. 2017-05-11T02:29:02Z DEBUG top
3225. 2017-05-11T02:29:02Z DEBUG extensibleObject
3226. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
3227. 2017-05-11T02:29:02Z DEBUG objectclass=posixGroup
3228. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
3229. 2017-05-11T02:29:02Z DEBUG cn=groups
3230. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
3231. 2017-05-11T02:29:02Z DEBUG cn=%{cn}
3232. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
3233. 2017-05-11T02:29:02Z DEBUG cn=groups, cn=accounts, dc=rdlg,dc=net
3234. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
3235. 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
3236. 2017-05-11T02:29:02Z DEBUG New entry: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
3237. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3238. 2017-05-11T02:29:02Z DEBUG Initial value
3239. 2017-05-11T02:29:02Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
3240. 2017-05-11T02:29:02Z DEBUG add: 'top' to objectClass, current value []
3241. 2017-05-11T02:29:02Z DEBUG add: updated value ['top']
3242. 2017-05-11T02:29:02Z DEBUG add: 'extensibleObject' to objectClass, current value ['top']
3243. 2017-05-11T02:29:02Z DEBUG add: updated value ['top', 'extensibleObject']
3244. 2017-05-11T02:29:02Z DEBUG add: 'ng' to cn, current value []
3245. 2017-05-11T02:29:02Z DEBUG add: updated value ['ng']
3246. 2017-05-11T02:29:02Z DEBUG add: 'cn=compat, dc=rdlg,dc=net' to schema-compat-container-group, current value []
3247. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=compat, dc=rdlg,dc=net']
3248. 2017-05-11T02:29:02Z DEBUG add: 'cn=ng' to schema-compat-container-rdn, current value []
3249. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=ng']
3250. 2017-05-11T02:29:02Z DEBUG add: 'yes' to schema-compat-check-access, current value []
3251. 2017-05-11T02:29:02Z DEBUG add: updated value ['yes']
3252. 2017-05-11T02:29:02Z DEBUG add: 'cn=ng, cn=alt, dc=rdlg,dc=net' to schema-compat-search-base, current value []
3253. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=ng, cn=alt, dc=rdlg,dc=net']
3254. 2017-05-11T02:29:02Z DEBUG add: '(objectclass=ipaNisNetgroup)' to schema-compat-search-filter, current value []
3255. 2017-05-11T02:29:02Z DEBUG add: updated value ['(objectclass=ipaNisNetgroup)']
3256. 2017-05-11T02:29:02Z DEBUG add: 'cn=%{cn}' to schema-compat-entry-rdn, current value []
3257. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=%{cn}']
3258. 2017-05-11T02:29:02Z DEBUG add: 'objectclass=nisNetgroup' to schema-compat-entry-attribute, current value []
3259. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=nisNetgroup']
3260. 2017-05-11T02:29:02Z DEBUG add: 'memberNisNetgroup=%deref_r("member","cn")' to schema-compat-entry-attribute, current value ['objectclass=nisNetgroup']
3261. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=nisNetgroup', 'memberNisNetgroup=%deref_r("member","cn")']
3262. 2017-05-11T02:29:02Z DEBUG add: 'nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})' to schema-compat-entry-attribute, current value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup']
3263. 2017-05-11T02:29:02Z DEBUG add: updated value ['memberNisNetgroup=%deref_r("member","cn")', 'objectclass=nisNetgroup', 'nisNetgroupTriple=(%link("%ifeq(\\"hostCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%{externalHost}\\\\\\",\\\\\\"%deref(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberHost\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"fqdn\\\\\\\\\\\\\\")\\\\\\")\\")","-",",","%ifeq(\\"userCategory\\",\\"all\\",\\"\\",\\"%collect(\\\\\\"%deref(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\",\\\\\\"%deref_r(\\\\\\\\\\\\\\"memberUser\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"member\\\\\\\\\\\\\\",\\\\\\\\\\\\\\"uid\\\\\\\\\\\\\\")\\\\\\")\\")","-"),%{nisDomainName:-})']
3264. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3265. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
3266. 2017-05-11T02:29:02Z DEBUG dn: cn=ng,cn=Schema Compatibility,cn=plugins,cn=config
3267. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
3268. 2017-05-11T02:29:02Z DEBUG memberNisNetgroup=%deref_r("member","cn")
3269. 2017-05-11T02:29:02Z DEBUG objectclass=nisNetgroup
3270. 2017-05-11T02:29:02Z DEBUG nisNetgroupTriple=(%link("%ifeq(\"hostCategory\",\"all\",\"\",\"%collect(\\\"%{externalHost}\\\",\\\"%deref(\\\\\\\"memberHost\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberHost\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"fqdn\\\\\\\")\\\")\")","-",",","%ifeq(\"userCategory\",\"all\",\"\",\"%collect(\\\"%deref(\\\\\\\"memberUser\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\",\\\"%deref_r(\\\\\\\"memberUser\\\\\\\",\\\\\\\"member\\\\\\\",\\\\\\\"uid\\\\\\\")\\\")\")","-"),%{nisDomainName:-})
3271. 2017-05-11T02:29:02Z DEBUG schema-compat-check-access:
3272. 2017-05-11T02:29:02Z DEBUG yes
3273. 2017-05-11T02:29:02Z DEBUG cn:
3274. 2017-05-11T02:29:02Z DEBUG ng
3275. 2017-05-11T02:29:02Z DEBUG objectClass:
3276. 2017-05-11T02:29:02Z DEBUG top
3277. 2017-05-11T02:29:02Z DEBUG extensibleObject
3278. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
3279. 2017-05-11T02:29:02Z DEBUG (objectclass=ipaNisNetgroup)
3280. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
3281. 2017-05-11T02:29:02Z DEBUG cn=ng
3282. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
3283. 2017-05-11T02:29:02Z DEBUG cn=%{cn}
3284. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
3285. 2017-05-11T02:29:02Z DEBUG cn=ng, cn=alt, dc=rdlg,dc=net
3286. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
3287. 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
3288. 2017-05-11T02:29:02Z DEBUG New entry: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
3289. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3290. 2017-05-11T02:29:02Z DEBUG Initial value
3291. 2017-05-11T02:29:02Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
3292. 2017-05-11T02:29:02Z DEBUG add: 'top' to objectClass, current value []
3293. 2017-05-11T02:29:02Z DEBUG add: updated value ['top']
3294. 2017-05-11T02:29:02Z DEBUG add: 'extensibleObject' to objectClass, current value ['top']
3295. 2017-05-11T02:29:02Z DEBUG add: updated value ['top', 'extensibleObject']
3296. 2017-05-11T02:29:02Z DEBUG add: 'sudoers' to cn, current value []
3297. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoers']
3298. 2017-05-11T02:29:02Z DEBUG add: 'ou=SUDOers, dc=rdlg,dc=net' to schema-compat-container-group, current value []
3299. 2017-05-11T02:29:02Z DEBUG add: updated value ['ou=SUDOers, dc=rdlg,dc=net']
3300. 2017-05-11T02:29:02Z DEBUG add: 'cn=sudorules, cn=sudo, dc=rdlg,dc=net' to schema-compat-search-base, current value []
3301. 2017-05-11T02:29:02Z DEBUG add: updated value ['cn=sudorules, cn=sudo, dc=rdlg,dc=net']
3302. 2017-05-11T02:29:02Z DEBUG add: '(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))' to schema-compat-search-filter, current value []
3303. 2017-05-11T02:29:02Z DEBUG add: updated value ['(&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))']
3304. 2017-05-11T02:29:02Z DEBUG add: '%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")' to schema-compat-entry-rdn, current value []
3305. 2017-05-11T02:29:02Z DEBUG add: updated value ['%ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")']
3306. 2017-05-11T02:29:02Z DEBUG add: 'objectclass=sudoRole' to schema-compat-entry-attribute, current value []
3307. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole']
3308. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole']
3309. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")']
3310. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole']
3311. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
3312. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
3313. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
3314. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
3315. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
3316. 2017-05-11T02:29:02Z DEBUG add: 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")']
3317. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
3318. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
3319. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")']
3320. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
3321. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")']
3322. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
3323. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")']
3324. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
3325. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")']
3326. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole']
3327. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
3328. 2017-05-11T02:29:02Z DEBUG add: 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
3329. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")']
3330. 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
3331. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")']
3332. 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole']
3333. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
3334. 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
3335. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")']
3336. 2017-05-11T02:29:02Z DEBUG add: 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
3337. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")']
3338. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
3339. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")']
3340. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")']
3341. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
3342. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")' to schema-compat-entry-attribute, current value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
3343. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'objectclass=sudoRole', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")']
3344. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
3345. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
3346. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")' to schema-compat-entry-attribute, current value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
3347. 2017-05-11T02:29:02Z DEBUG add: updated value ['objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")']
3348. 2017-05-11T02:29:02Z DEBUG add: 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")' to schema-compat-entry-attribute, current value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")']
3349. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")']
3350. 2017-05-11T02:29:02Z DEBUG add: 'sudoOption=%{ipaSudoOpt}' to schema-compat-entry-attribute, current value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")']
3351. 2017-05-11T02:29:02Z DEBUG add: updated value ['sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\\",\\"member\\",\\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\\",\\"fqdn\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\\"memberUser\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\\",\\"cn\\")")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\\"memberUser\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")', 'sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\\"ipaSudoRunAsGroup\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\\"memberHost\\",\\"(objectclass=ipaHost)\\",\\"fqdn\\")")', 'objectclass=sudoRole', 'sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\\"memberUser\\",\\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\\",\\"member\\",\\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\\",\\"uid\\")")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\\"memberAllowCmd\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixAccount)\\",\\"uid\\")")', 'sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\\"memberUser\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\\"ipaSudoRunAs\\",\\"(objectclass=posixGroup)\\",\\"cn\\")")', 'sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")', 'sudoCommand=!%deref("memberDenyCmd","sudoCmd")', 'sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")', 'sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\\"memberAllowCmd\\",\\"member\\",\\"sudoCmd\\")")', 'sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\\"memberHost\\",\\"(objectclass=ipaNisNetgroup)\\",\\"cn\\")")', 'sudoOption=%{ipaSudoOpt}']
3352. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3353. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
3354. 2017-05-11T02:29:02Z DEBUG dn: cn=sudoers,cn=Schema Compatibility,cn=plugins,cn=config
3355. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
3356. 2017-05-11T02:29:02Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%{ipaSudoRunAsExtUserGroup}")
3357. 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%{externalUser}")
3358. 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_rf(\"memberHost\",\"(&(objectclass=ipaHostGroup)(!(objectclass=mepOriginEntry)))\",\"member\",\"(|(objectclass=ipaHostGroup)(objectclass=ipaHost))\",\"fqdn\")")
3359. 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%%%deref_f(\"memberUser\",\"(objectclass=posixGroup)\",\"cn\")")
3360. 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(&(objectclass=ipaHostGroup)(objectclass=mepOriginEntry))\",\"cn\")")
3361. 2017-05-11T02:29:02Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%{ipaSudoRunAsExtGroup}")
3362. 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_f(\"memberUser\",\"(objectclass=posixAccount)\",\"uid\")")
3363. 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","+%deref_f(\"memberHost\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
3364. 2017-05-11T02:29:02Z DEBUG sudoRunAsGroup=%ifeq("ipaSudoRunAsGroupCategory","all","ALL","%deref_f(\"ipaSudoRunAsGroup\",\"(objectclass=posixGroup)\",\"cn\")")
3365. 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%deref_f(\"memberHost\",\"(objectclass=ipaHost)\",\"fqdn\")")
3366. 2017-05-11T02:29:02Z DEBUG objectclass=sudoRole
3367. 2017-05-11T02:29:02Z DEBUG sudoOption=%{ipaSudoOpt}
3368. 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","%deref_rf(\"memberUser\",\"(&(objectclass=ipaUserGroup)(!(objectclass=posixGroup)))\",\"member\",\"(|(objectclass=ipaUserGroup)(objectclass=posixAccount))\",\"uid\")")
3369. 2017-05-11T02:29:02Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref(\"memberAllowCmd\",\"sudoCmd\")")
3370. 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{hostMask}")
3371. 2017-05-11T02:29:02Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixAccount)\",\"uid\")")
3372. 2017-05-11T02:29:02Z DEBUG sudoUser=%ifeq("userCategory","all","ALL","+%deref_f(\"memberUser\",\"(objectclass=ipaNisNetgroup)\",\"cn\")")
3373. 2017-05-11T02:29:02Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%%%deref_f(\"ipaSudoRunAs\",\"(objectclass=posixGroup)\",\"cn\")")
3374. 2017-05-11T02:29:02Z DEBUG sudoRunAsUser=%ifeq("ipaSudoRunAsUserCategory","all","ALL","%{ipaSudoRunAsExtUser}")
3375. 2017-05-11T02:29:02Z DEBUG sudoCommand=!%deref("memberDenyCmd","sudoCmd")
3376. 2017-05-11T02:29:02Z DEBUG sudoCommand=!%deref_r("memberDenyCmd","member","sudoCmd")
3377. 2017-05-11T02:29:02Z DEBUG sudoCommand=%ifeq("cmdCategory","all","ALL","%deref_r(\"memberAllowCmd\",\"member\",\"sudoCmd\")")
3378. 2017-05-11T02:29:02Z DEBUG sudoHost=%ifeq("hostCategory","all","ALL","%{externalHost}")
3379. 2017-05-11T02:29:02Z DEBUG cn:
3380. 2017-05-11T02:29:02Z DEBUG sudoers
3381. 2017-05-11T02:29:02Z DEBUG objectClass:
3382. 2017-05-11T02:29:02Z DEBUG top
3383. 2017-05-11T02:29:02Z DEBUG extensibleObject
3384. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
3385. 2017-05-11T02:29:02Z DEBUG (&(objectclass=ipaSudoRule)(!(compatVisible=FALSE))(!(ipaEnabledFlag=FALSE)))
3386. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
3387. 2017-05-11T02:29:02Z DEBUG %ifeq("ipaEnabledFlag", "FALSE", "DISABLED", "cn=%{cn}")
3388. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
3389. 2017-05-11T02:29:02Z DEBUG cn=sudorules, cn=sudo, dc=rdlg,dc=net
3390. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
3391. 2017-05-11T02:29:02Z DEBUG ou=SUDOers, dc=rdlg,dc=net
3392. 2017-05-11T02:29:02Z DEBUG New entry: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
3393. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3394. 2017-05-11T02:29:02Z DEBUG Initial value
3395. 2017-05-11T02:29:02Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
3396. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
3397. 2017-05-11T02:29:02Z DEBUG objectclass=device
3398. 2017-05-11T02:29:02Z DEBUG cn=%{fqdn}
3399. 2017-05-11T02:29:02Z DEBUG macAddress=%{macAddress}
3400. 2017-05-11T02:29:02Z DEBUG objectclass=ieee802Device
3401. 2017-05-11T02:29:02Z DEBUG cn:
3402. 2017-05-11T02:29:02Z DEBUG computers
3403. 2017-05-11T02:29:02Z DEBUG objectClass:
3404. 2017-05-11T02:29:02Z DEBUG top
3405. 2017-05-11T02:29:02Z DEBUG extensibleObject
3406. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
3407. 2017-05-11T02:29:02Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
3408. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
3409. 2017-05-11T02:29:02Z DEBUG cn=computers
3410. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
3411. 2017-05-11T02:29:02Z DEBUG cn=%first("%{fqdn}")
3412. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
3413. 2017-05-11T02:29:02Z DEBUG cn=computers, cn=accounts, dc=rdlg,dc=net
3414. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
3415. 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
3416. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3417. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
3418. 2017-05-11T02:29:02Z DEBUG dn: cn=computers,cn=Schema Compatibility,cn=plugins,cn=config
3419. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-attribute:
3420. 2017-05-11T02:29:02Z DEBUG objectclass=device
3421. 2017-05-11T02:29:02Z DEBUG cn=%{fqdn}
3422. 2017-05-11T02:29:02Z DEBUG macAddress=%{macAddress}
3423. 2017-05-11T02:29:02Z DEBUG objectclass=ieee802Device
3424. 2017-05-11T02:29:02Z DEBUG cn:
3425. 2017-05-11T02:29:02Z DEBUG computers
3426. 2017-05-11T02:29:02Z DEBUG objectClass:
3427. 2017-05-11T02:29:02Z DEBUG top
3428. 2017-05-11T02:29:02Z DEBUG extensibleObject
3429. 2017-05-11T02:29:02Z DEBUG schema-compat-search-filter:
3430. 2017-05-11T02:29:02Z DEBUG (&(macAddress=*)(fqdn=*)(objectClass=ipaHost))
3431. 2017-05-11T02:29:02Z DEBUG schema-compat-container-rdn:
3432. 2017-05-11T02:29:02Z DEBUG cn=computers
3433. 2017-05-11T02:29:02Z DEBUG schema-compat-entry-rdn:
3434. 2017-05-11T02:29:02Z DEBUG cn=%first("%{fqdn}")
3435. 2017-05-11T02:29:02Z DEBUG schema-compat-search-base:
3436. 2017-05-11T02:29:02Z DEBUG cn=computers, cn=accounts, dc=rdlg,dc=net
3437. 2017-05-11T02:29:02Z DEBUG schema-compat-container-group:
3438. 2017-05-11T02:29:02Z DEBUG cn=compat, dc=rdlg,dc=net
3439. 2017-05-11T02:29:02Z DEBUG Updating existing entry: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
3440. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3441. 2017-05-11T02:29:02Z DEBUG Initial value
3442. 2017-05-11T02:29:02Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
3443. 2017-05-11T02:29:02Z DEBUG objectClass:
3444. 2017-05-11T02:29:02Z DEBUG top
3445. 2017-05-11T02:29:02Z DEBUG directoryServerFeature
3446. 2017-05-11T02:29:02Z DEBUG aci:
3447. 2017-05-11T02:29:02Z DEBUG (targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)
3448. 2017-05-11T02:29:02Z DEBUG oid:
3449. 2017-05-11T02:29:02Z DEBUG 2.16.840.1.113730.3.4.9
3450. 2017-05-11T02:29:02Z DEBUG cn:
3451. 2017-05-11T02:29:02Z DEBUG VLV Request Control
3452. 2017-05-11T02:29:02Z DEBUG only: set aci to '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )', current value ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)']
3453. 2017-05-11T02:29:02Z DEBUG only: updated value ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']
3454. 2017-05-11T02:29:02Z DEBUG ---------------------------------------------
3455. 2017-05-11T02:29:02Z DEBUG Final value after applying updates
3456. 2017-05-11T02:29:02Z DEBUG dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
3457. 2017-05-11T02:29:02Z DEBUG objectClass:
3458. 2017-05-11T02:29:02Z DEBUG top
3459. 2017-05-11T02:29:02Z DEBUG directoryServerFeature
3460. 2017-05-11T02:29:02Z DEBUG aci:
3461. 2017-05-11T02:29:02Z DEBUG (targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )
3462. 2017-05-11T02:29:02Z DEBUG oid:
3463. 2017-05-11T02:29:02Z DEBUG 2.16.840.1.113730.3.4.9
3464. 2017-05-11T02:29:02Z DEBUG cn:
3465. 2017-05-11T02:29:02Z DEBUG VLV Request Control
3466. 2017-05-11T02:29:02Z DEBUG [(0, u'aci', ['(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )']), (1, u'aci', ['(targetattr != "aci")(version 3.0; acl "VLV Request Control"; allow( read, search, compare, proxy ) userdn = "ldap:///all";)'])]
3467. 2017-05-11T02:29:02Z DEBUG Updated 1
3468. 2017-05-11T02:29:02Z DEBUG Done
3469. 2017-05-11T02:29:02Z DEBUG Destroyed connection context.ldap2_89920016
3470. 2017-05-11T02:29:02Z DEBUG duration: 1 seconds
3471. 2017-05-11T02:29:02Z DEBUG [44/47]: activating sidgen plugin
3472. 2017-05-11T02:29:02Z DEBUG Starting external process
3473. 2017-05-11T02:29:02Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpcrxD4O -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmpKPxyGP
3474. 2017-05-11T02:29:02Z DEBUG Process finished, return code=0
3475. 2017-05-11T02:29:02Z DEBUG stdout=add objectclass:
3476. top
3477. nsSlapdPlugin
3478. extensibleObject
3479. add cn:
3480. IPA SIDGEN
3481. add nsslapd-pluginpath:
3482. libipa_sidgen
3483. add nsslapd-plugininitfunc:
3484. ipa_sidgen_init
3485. add nsslapd-plugintype:
3486. postoperation
3487. add nsslapd-pluginenabled:
3488. on
3489. add nsslapd-pluginid:
3490. ipa_sidgen_postop
3491. add nsslapd-pluginversion:
3492. 1.0
3493. add nsslapd-pluginvendor:
3494. Red Hat, Inc.
3495. add nsslapd-plugindescription:
3496. IPA SIDGEN post operation
3497. add nsslapd-plugin-depends-on-type:
3498. database
3499. add nsslapd-basedn:
3500. dc=rdlg,dc=net
3501. adding new entry "cn=IPA SIDGEN,cn=plugins,cn=config"
3502. modify complete
3503.  
3504.  
3505. 2017-05-11T02:29:02Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
3506.  
3507. 2017-05-11T02:29:02Z DEBUG duration: 0 seconds
3508. 2017-05-11T02:29:02Z DEBUG [45/47]: activating extdom plugin
3509. 2017-05-11T02:29:02Z DEBUG Starting external process
3510. 2017-05-11T02:29:02Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmprEAnAv -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp2hBUWd
3511. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
3512. 2017-05-11T02:29:03Z DEBUG stdout=add objectclass:
3513. top
3514. nsSlapdPlugin
3515. extensibleObject
3516. add cn:
3517. ipa_extdom_extop
3518. add nsslapd-pluginpath:
3519. libipa_extdom_extop
3520. add nsslapd-plugininitfunc:
3521. ipa_extdom_init
3522. add nsslapd-plugintype:
3523. extendedop
3524. add nsslapd-pluginenabled:
3525. on
3526. add nsslapd-pluginid:
3527. ipa_extdom_extop
3528. add nsslapd-pluginversion:
3529. 1.0
3530. add nsslapd-pluginvendor:
3531. RedHat
3532. add nsslapd-plugindescription:
3533. Support resolving IDs in trusted domains to names and back
3534. add nsslapd-plugin-depends-on-type:
3535. database
3536. add nsslapd-basedn:
3537. dc=rdlg,dc=net
3538. adding new entry "cn=ipa_extdom_extop,cn=plugins,cn=config"
3539. modify complete
3540.  
3541.  
3542. 2017-05-11T02:29:03Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
3543.  
3544. 2017-05-11T02:29:03Z DEBUG duration: 0 seconds
3545. 2017-05-11T02:29:03Z DEBUG [46/47]: tuning directory server
3546. 2017-05-11T02:29:03Z DEBUG Starting external process
3547. 2017-05-11T02:29:03Z DEBUG args=/usr/sbin/selinuxenabled
3548. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
3549. 2017-05-11T02:29:03Z DEBUG stdout=
3550. 2017-05-11T02:29:03Z DEBUG stderr=
3551. 2017-05-11T02:29:03Z DEBUG Starting external process
3552. 2017-05-11T02:29:03Z DEBUG args=/sbin/restorecon /etc/sysconfig/dirsrv.systemd
3553. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
3554. 2017-05-11T02:29:03Z DEBUG stdout=
3555. 2017-05-11T02:29:03Z DEBUG stderr=
3556. 2017-05-11T02:29:03Z DEBUG Starting external process
3557. 2017-05-11T02:29:03Z DEBUG args=/bin/systemctl --system daemon-reload
3558. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
3559. 2017-05-11T02:29:03Z DEBUG stdout=
3560. 2017-05-11T02:29:03Z DEBUG stderr=
3561. 2017-05-11T02:29:03Z DEBUG Starting external process
3562. 2017-05-11T02:29:03Z DEBUG args=/bin/systemctl --system daemon-reload
3563. 2017-05-11T02:29:03Z DEBUG Process finished, return code=0
3564. 2017-05-11T02:29:03Z DEBUG stdout=
3565. 2017-05-11T02:29:03Z DEBUG stderr=
3566. 2017-05-11T02:29:03Z DEBUG Starting external process
3567. 2017-05-11T02:29:03Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
3568. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3569. 2017-05-11T02:29:04Z DEBUG stdout=
3570. 2017-05-11T02:29:04Z DEBUG stderr=
3571. 2017-05-11T02:29:04Z DEBUG Starting external process
3572. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
3573. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3574. 2017-05-11T02:29:04Z DEBUG stdout=active
3575.  
3576. 2017-05-11T02:29:04Z DEBUG stderr=
3577. 2017-05-11T02:29:04Z DEBUG wait_for_open_ports: localhost [389] timeout 300
3578. 2017-05-11T02:29:04Z DEBUG Starting external process
3579. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
3580. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3581. 2017-05-11T02:29:04Z DEBUG stdout=active
3582.  
3583. 2017-05-11T02:29:04Z DEBUG stderr=
3584. 2017-05-11T02:29:04Z DEBUG Starting external process
3585. 2017-05-11T02:29:04Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpxGj6jQ -H ldap://ipa.rdlg.net:389 -x -D cn=Directory Manager -y /tmp/tmp43ffA4
3586. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3587. 2017-05-11T02:29:04Z DEBUG stdout=replace nsslapd-maxdescriptors:
3588. 8192
3589. replace nsslapd-reservedescriptors:
3590. 64
3591. modifying entry "cn=config"
3592. modify complete
3593.  
3594.  
3595. 2017-05-11T02:29:04Z DEBUG stderr=ldap_initialize( ldap://ipa.rdlg.net:389/??base )
3596.  
3597. 2017-05-11T02:29:04Z DEBUG duration: 1 seconds
3598. 2017-05-11T02:29:04Z DEBUG [47/47]: configuring directory to start on boot
3599. 2017-05-11T02:29:04Z DEBUG Starting external process
3600. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-enabled dirsrv@RDLG-NET.service
3601. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3602. 2017-05-11T02:29:04Z DEBUG stdout=enabled
3603.  
3604. 2017-05-11T02:29:04Z DEBUG stderr=
3605. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
3606. 2017-05-11T02:29:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
3607. 2017-05-11T02:29:04Z DEBUG Starting external process
3608. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl disable dirsrv@RDLG-NET.service
3609. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3610. 2017-05-11T02:29:04Z DEBUG stdout=
3611. 2017-05-11T02:29:04Z DEBUG stderr=Removed symlink /etc/systemd/system/dirsrv.target.wants/dirsrv@RDLG-NET.service.
3612.  
3613. 2017-05-11T02:29:04Z DEBUG duration: 0 seconds
3614. 2017-05-11T02:29:04Z DEBUG Done configuring directory server (dirsrv).
3615. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
3616. 2017-05-11T02:29:04Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
3617. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
3618. 2017-05-11T02:29:04Z DEBUG Starting external process
3619. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active ntpd.service
3620. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3621. 2017-05-11T02:29:04Z DEBUG stdout=active
3622.  
3623. 2017-05-11T02:29:04Z DEBUG stderr=
3624. 2017-05-11T02:29:04Z DEBUG Starting external process
3625. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl disable ntpd.service
3626. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3627. 2017-05-11T02:29:04Z DEBUG stdout=
3628. 2017-05-11T02:29:04Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/ntpd.service.
3629.  
3630. 2017-05-11T02:29:04Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
3631. 2017-05-11T02:29:04Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x34c0ef0>
3632. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
3633. 2017-05-11T02:29:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
3634. 2017-05-11T02:29:04Z DEBUG Starting external process
3635. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl start ntpd.service
3636. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3637. 2017-05-11T02:29:04Z DEBUG stdout=
3638. 2017-05-11T02:29:04Z DEBUG stderr=
3639. 2017-05-11T02:29:04Z DEBUG Starting external process
3640. 2017-05-11T02:29:04Z DEBUG args=/bin/systemctl is-active ntpd.service
3641. 2017-05-11T02:29:04Z DEBUG Process finished, return code=0
3642. 2017-05-11T02:29:04Z DEBUG stdout=active
3643.  
3644. 2017-05-11T02:29:04Z DEBUG stderr=
3645. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
3646. 2017-05-11T02:29:04Z DEBUG Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes 30 seconds
3647. 2017-05-11T02:29:04Z DEBUG [1/31]: creating certificate server user
3648. 2017-05-11T02:29:04Z DEBUG group pkiuser exists
3649. 2017-05-11T02:29:04Z DEBUG user pkiuser exists
3650. 2017-05-11T02:29:04Z DEBUG duration: 0 seconds
3651. 2017-05-11T02:29:04Z DEBUG [2/31]: configuring certificate server instance
3652. 2017-05-11T02:29:04Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
3653. 2017-05-11T02:29:04Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
3654. 2017-05-11T02:29:04Z DEBUG Contents of pkispawn configuration file (/tmp/tmpBfvvBv):
3655. [CA]
3656. pki_security_domain_name = IPA
3657. pki_enable_proxy = True
3658. pki_restart_configured_instance = False
3659. pki_backup_keys = True
3660. pki_backup_password = XXXXXXXX
3661. pki_profiles_in_ldap = True
3662. pki_default_ocsp_uri = http://ipa-ca.rdlg.net/ca/ocsp
3663. pki_client_database_dir = /tmp/tmp-2dhsv2
3664. pki_client_database_password = XXXXXXXX
3665. pki_client_database_purge = False
3666. pki_client_pkcs12_password = XXXXXXXX
3667. pki_admin_name = admin
3668. pki_admin_uid = admin
3669. pki_admin_email = root@localhost
3670. pki_admin_password = XXXXXXXX
3671. pki_admin_nickname = ipa-ca-agent
3672. pki_admin_subject_dn = cn=ipa-ca-agent,O=RDLG.NET
3673. pki_client_admin_cert_p12 = /root/ca-agent.p12
3674. pki_ds_ldap_port = 389
3675. pki_ds_password = XXXXXXXX
3676. pki_ds_base_dn = o=ipaca
3677. pki_ds_database = ipaca
3678. pki_subsystem_subject_dn = cn=CA Subsystem,O=RDLG.NET
3679. pki_ocsp_signing_subject_dn = cn=OCSP Subsystem,O=RDLG.NET
3680. pki_ssl_server_subject_dn = cn=ipa.rdlg.net,O=RDLG.NET
3681. pki_audit_signing_subject_dn = cn=CA Audit,O=RDLG.NET
3682. pki_ca_signing_subject_dn = cn=Certificate Authority,O=RDLG.NET
3683. pki_subsystem_nickname = subsystemCert cert-pki-ca
3684. pki_ocsp_signing_nickname = ocspSigningCert cert-pki-ca
3685. pki_ssl_server_nickname = Server-Cert cert-pki-ca
3686. pki_audit_signing_nickname = auditSigningCert cert-pki-ca
3687. pki_ca_signing_nickname = caSigningCert cert-pki-ca
3688. pki_ca_signing_key_algorithm = SHA256withRSA
3689.  
3690.  
3691. 2017-05-11T02:29:04Z DEBUG Starting external process
3692. 2017-05-11T02:29:04Z DEBUG args=/usr/sbin/pkispawn -s CA -f /tmp/tmpBfvvBv
3693. 2017-05-11T02:30:01Z DEBUG Process finished, return code=0
3694. 2017-05-11T02:30:01Z DEBUG stdout=Log file: /var/log/pki/pki-ca-spawn.20170510202904.log
3695. Loading deployment configuration from /tmp/tmpBfvvBv.
3696. Installing CA into /var/lib/pki/pki-tomcat.
3697. Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
3698.  
3699. ==========================================================================
3700. INSTALLATION SUMMARY
3701. ==========================================================================
3702.  
3703. Administrator's username: admin
3704. Administrator's PKCS #12 file:
3705. /root/ca-agent.p12
3706.  
3707. Administrator's certificate nickname:
3708. ipa-ca-agent
3709. Administrator's certificate database:
3710. /tmp/tmp-2dhsv2
3711.  
3712. To check the status of the subsystem:
3713. systemctl status pki-tomcatd@pki-tomcat.service
3714.  
3715. To restart the subsystem:
3716. systemctl restart pki-tomcatd@pki-tomcat.service
3717.  
3718. The URL for the subsystem is:
3719. https://ipa.rdlg.net:8443/ca
3720.  
3721. PKI instances will be enabled upon system boot
3722.  
3723. ==========================================================================
3724.  
3725.  
3726. 2017-05-11T02:30:01Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
3727. Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target.
3728.  
3729. 2017-05-11T02:30:01Z DEBUG completed creating ca instance
3730. 2017-05-11T02:30:01Z DEBUG duration: 56 seconds
3731. 2017-05-11T02:30:01Z DEBUG [3/31]: stopping certificate server instance to update CS.cfg
3732. 2017-05-11T02:30:01Z DEBUG Starting external process
3733. 2017-05-11T02:30:01Z DEBUG args=/bin/systemctl stop pki-tomcatd@pki-tomcat.service
3734. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
3735. 2017-05-11T02:30:02Z DEBUG stdout=
3736. 2017-05-11T02:30:02Z DEBUG stderr=
3737. 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
3738. 2017-05-11T02:30:02Z DEBUG [4/31]: backing up CS.cfg
3739. 2017-05-11T02:30:02Z DEBUG Starting external process
3740. 2017-05-11T02:30:02Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
3741. 2017-05-11T02:30:02Z DEBUG Process finished, return code=3
3742. 2017-05-11T02:30:02Z DEBUG stdout=inactive
3743.  
3744. 2017-05-11T02:30:02Z DEBUG stderr=
3745. 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
3746. 2017-05-11T02:30:02Z DEBUG [5/31]: disabling nonces
3747. 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
3748. 2017-05-11T02:30:02Z DEBUG [6/31]: set up CRL publishing
3749. 2017-05-11T02:30:02Z DEBUG Starting external process
3750. 2017-05-11T02:30:02Z DEBUG args=/usr/sbin/selinuxenabled
3751. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
3752. 2017-05-11T02:30:02Z DEBUG stdout=
3753. 2017-05-11T02:30:02Z DEBUG stderr=
3754. 2017-05-11T02:30:02Z DEBUG Starting external process
3755. 2017-05-11T02:30:02Z DEBUG args=/sbin/restorecon /var/lib/ipa/pki-ca/publish
3756. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
3757. 2017-05-11T02:30:02Z DEBUG stdout=
3758. 2017-05-11T02:30:02Z DEBUG stderr=
3759. 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
3760. 2017-05-11T02:30:02Z DEBUG [7/31]: enable PKIX certificate path discovery and validation
3761. 2017-05-11T02:30:02Z DEBUG duration: 0 seconds
3762. 2017-05-11T02:30:02Z DEBUG [8/31]: starting certificate server instance
3763. 2017-05-11T02:30:02Z DEBUG Starting external process
3764. 2017-05-11T02:30:02Z DEBUG args=/bin/systemctl start pki-tomcatd@pki-tomcat.service
3765. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
3766. 2017-05-11T02:30:02Z DEBUG stdout=
3767. 2017-05-11T02:30:02Z DEBUG stderr=
3768. 2017-05-11T02:30:02Z DEBUG Starting external process
3769. 2017-05-11T02:30:02Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
3770. 2017-05-11T02:30:02Z DEBUG Process finished, return code=0
3771. 2017-05-11T02:30:02Z DEBUG stdout=active
3772.  
3773. 2017-05-11T02:30:02Z DEBUG stderr=
3774. 2017-05-11T02:30:02Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
3775. 2017-05-11T02:30:04Z DEBUG Waiting until the CA is running
3776. 2017-05-11T02:30:04Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
3777. 2017-05-11T02:30:04Z DEBUG request body ''
3778. 2017-05-11T02:30:12Z DEBUG response status 200
3779. 2017-05-11T02:30:12Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:12 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
3780. 2017-05-11T02:30:12Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
3781. 2017-05-11T02:30:12Z DEBUG The CA status is: running
3782. 2017-05-11T02:30:12Z DEBUG duration: 10 seconds
3783. 2017-05-11T02:30:12Z DEBUG [9/31]: creating RA agent certificate database
3784. 2017-05-11T02:30:12Z DEBUG Starting external process
3785. 2017-05-11T02:30:12Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -N
3786. 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
3787. 2017-05-11T02:30:12Z DEBUG stdout=
3788. 2017-05-11T02:30:12Z DEBUG stderr=
3789. 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
3790. 2017-05-11T02:30:12Z DEBUG [10/31]: importing CA chain to RA certificate database
3791. 2017-05-11T02:30:12Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
3792. 2017-05-11T02:30:12Z DEBUG Starting external process
3793. 2017-05-11T02:30:12Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L
3794. 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
3795. 2017-05-11T02:30:12Z DEBUG stdout=
3796. Certificate Nickname Trust Attributes
3797. SSL,S/MIME,JAR/XPI
3798.  
3799.  
3800. 2017-05-11T02:30:12Z DEBUG stderr=
3801. 2017-05-11T02:30:12Z DEBUG Starting external process
3802. 2017-05-11T02:30:12Z DEBUG args=/usr/bin/openssl pkcs7 -inform DER -print_certs
3803. 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
3804. 2017-05-11T02:30:12Z DEBUG stdout=subject=/O=RDLG.NET/CN=Certificate Authority
3805. issuer=/O=RDLG.NET/CN=Certificate Authority
3806. -----BEGIN CERTIFICATE-----
3807. MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
3808. Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
3809. Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
3810. BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
3811. ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
3812. LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
3813. 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
3814. mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
3815. a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
3816. eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
3817. gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
3818. /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
3819. AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
3820. c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
3821. 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
3822. 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
3823. 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
3824. uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
3825. /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
3826. -----END CERTIFICATE-----
3827.  
3828.  
3829. 2017-05-11T02:30:12Z DEBUG stderr=
3830. 2017-05-11T02:30:12Z DEBUG Starting external process
3831. 2017-05-11T02:30:12Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t CT,C,C -n RDLG.NET IPA CA -a -i /tmp/tmpcz6QUn
3832. 2017-05-11T02:30:12Z DEBUG Process finished, return code=0
3833. 2017-05-11T02:30:12Z DEBUG stdout=
3834. 2017-05-11T02:30:12Z DEBUG stderr=
3835. 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
3836. 2017-05-11T02:30:12Z DEBUG [11/31]: fixing RA database permissions
3837. 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
3838. 2017-05-11T02:30:12Z DEBUG [12/31]: setting up signing cert profile
3839. 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
3840. 2017-05-11T02:30:12Z DEBUG [13/31]: setting audit signing renewal to 2 years
3841. 2017-05-11T02:30:12Z DEBUG caSignedLogCert.cfg profile validity range is 720
3842. 2017-05-11T02:30:12Z DEBUG duration: 0 seconds
3843. 2017-05-11T02:30:12Z DEBUG [14/31]: restarting certificate server
3844. 2017-05-11T02:30:12Z DEBUG Starting external process
3845. 2017-05-11T02:30:12Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service
3846. 2017-05-11T02:30:13Z DEBUG Process finished, return code=0
3847. 2017-05-11T02:30:13Z DEBUG stdout=
3848. 2017-05-11T02:30:13Z DEBUG stderr=
3849. 2017-05-11T02:30:13Z DEBUG Starting external process
3850. 2017-05-11T02:30:13Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
3851. 2017-05-11T02:30:13Z DEBUG Process finished, return code=0
3852. 2017-05-11T02:30:13Z DEBUG stdout=active
3853.  
3854. 2017-05-11T02:30:13Z DEBUG stderr=
3855. 2017-05-11T02:30:13Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
3856. 2017-05-11T02:30:15Z DEBUG Waiting until the CA is running
3857. 2017-05-11T02:30:15Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
3858. 2017-05-11T02:30:15Z DEBUG request body ''
3859. 2017-05-11T02:30:23Z DEBUG response status 200
3860. 2017-05-11T02:30:23Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:23 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
3861. 2017-05-11T02:30:23Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
3862. 2017-05-11T02:30:23Z DEBUG The CA status is: running
3863. 2017-05-11T02:30:23Z DEBUG duration: 10 seconds
3864. 2017-05-11T02:30:23Z DEBUG [15/31]: requesting RA certificate from CA
3865. 2017-05-11T02:30:23Z DEBUG Starting external process
3866. 2017-05-11T02:30:23Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -R -k rsa -g 2048 -s CN=IPA RA,O=RDLG.NET -z /tmp/tmpHaL6YB -a
3867. 2017-05-11T02:30:23Z DEBUG Process finished, return code=0
3868. 2017-05-11T02:30:23Z DEBUG stdout=
3869. Certificate request generated by Netscape certutil
3870. Phone: (not specified)
3871.  
3872. Common Name: IPA RA
3873. Email: (not specified)
3874. Organization: RDLG.NET
3875. State: (not specified)
3876. Country: (not specified)
3877.  
3878. -----BEGIN NEW CERTIFICATE REQUEST-----
3879. MIICaTCCAVECAQAwJDERMA8GA1UEChMIUkRMRy5ORVQxDzANBgNVBAMTBklQQSBS
3880. QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlu5e8Xc+VhRyyy8agF
3881. WShlsQoyoSUww/uGjgh4vwV6gMFKxaM6US49Y9EdunpJdPgPQLjn98r/bTjapGgb
3882. Hxz27dVGLEbH6K/eNFRGBhAqGhekCa2/9abQh3TRFJoR5vyhKg5tyVkw+qceyp2p
3883. xcLS1XfVTmhDILu+0drTA2XBO7oQEwNKuOBfORxYoxo43WA7ijkwz5gz0Wr4LVGW
3884. Kn+sCtN7nY1Xi+R/B8Z9QkYrRXdg8uk+SbHgSFCadyTvgrD/F/LTFt3rK/P/HCMc
3885. lK8MSB4uv1ZZSw5XvjLBPzZykalxOPU+KjHxYlNGjUsF2TGo0LwB1FL573wK717+
3886. Ke0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCcjwvNBRYY9ssiXkZ5DUKluWIz
3887. 2ppI50X5LNlUAcvWAc5S6ncQ09R/8K/6fSrCb37ur12fhFtgRdrBNvKJudDBBmNu
3888. JYt3DOGo8dQhyG9Oz3kU0gdOnhCVcAF2bsTcyjKcZk9M/SCRd3QViXApOf+BXw/s
3889. 4H/LKpqEBeMdEypRIZ3QGDl+fhUBAg7mcvFmgBSodYymAePxc4DAx7O2No9/M4Bj
3890. Dj7Tr/7hyXWaU/rb1Or30xunW7doxIzO7sfix9PbdQSqVjrBGxrw2xOu+lc4DpAU
3891. Sre49sLKmW4LEP0+ar/vpg6rWm13bEbG0VtfxQWplUbCz0V8OmB9E4dBPeS1
3892. -----END NEW CERTIFICATE REQUEST-----
3893.  
3894. 2017-05-11T02:30:23Z DEBUG stderr=
3895.  
3896. Generating key. This may take a few moments...
3897.  
3898.  
3899. 2017-05-11T02:30:23Z DEBUG duration: 0 seconds
3900. 2017-05-11T02:30:23Z DEBUG [16/31]: issuing RA agent certificate
3901. 2017-05-11T02:30:23Z DEBUG Starting external process
3902. 2017-05-11T02:30:23Z DEBUG args=/usr/bin/certutil -d /tmp/tmp-2dhsv2 -O -n ipa-ca-agent
3903. 2017-05-11T02:30:23Z DEBUG Process finished, return code=0
3904. 2017-05-11T02:30:23Z DEBUG stdout="ipa-ca-agent" [CN=ipa-ca-agent,O=RDLG.NET]
3905.  
3906.  
3907. 2017-05-11T02:30:23Z DEBUG stderr=
3908. 2017-05-11T02:30:23Z DEBUG Starting external process
3909. 2017-05-11T02:30:23Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-2dhsv2 -r /ca/agent/ca/profileReview?requestId=7 ipa.rdlg.net:8443
3910. 2017-05-11T02:30:24Z DEBUG Process finished, return code=0
3911. 2017-05-11T02:30:24Z DEBUG stdout=HTTP/1.1 200 OK
3912. Server: Apache-Coyote/1.1
3913. Content-Type: text/html;charset=UTF-8
3914. Date: Thu, 11 May 2017 02:30:23 GMT
3915. Connection: close
3916.  
3917. <!-- --- BEGIN COPYRIGHT BLOCK ---
3918. This program is free software; you can redistribute it and/or modify
3919. it under the terms of the GNU General Public License as published by
3920. the Free Software Foundation; version 2 of the License.
3921.  
3922. This program is distributed in the hope that it will be useful,
3923. but WITHOUT ANY WARRANTY; without even the implied warranty of
3924. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3925. GNU General Public License for more details.
3926.  
3927. You should have received a copy of the GNU General Public License along
3928. with this program; if not, write to the Free Software Foundation, Inc.,
3929. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
3930.  
3931. Copyright (C) 2007 Red Hat, Inc.
3932. All rights reserved.
3933. --- END COPYRIGHT BLOCK --- -->
3934. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
3935. <html>
3936. <script type="text/javascript">
3937. requestNotes="";
3938. requestType="enrollment";
3939. recordSet = new Array;
3940. record = new Object;
3941. record.conDesc="This constraint accepts the subject name that matches .*CN=.*";
3942. record.policyId="1";
3943. record.defListSet = new Array;
3944. defList = new Object;
3945. defList.defId="name";
3946. defList.defConstraint="null";
3947. defList.defName="Subject Name";
3948. defList.defSyntax="string";
3949. defList.defVal="CN=IPA RA,O=RDLG.NET";
3950. record.defListSet[0] = defList;
3951. record.defDesc="This default populates a User-Supplied Certificate Subject Name to the request.";
3952. recordSet[0] = record;
3953. record = new Object;
3954. record.conDesc="This constraint rejects the validity that is not between 720 days.";
3955. record.policyId="2";
3956. record.defListSet = new Array;
3957. defList = new Object;
3958. defList.defId="notBefore";
3959. defList.defConstraint="null";
3960. defList.defName="Not Before";
3961. defList.defSyntax="string";
3962. defList.defVal="2017-05-10 20:30:23";
3963. record.defListSet[0] = defList;
3964. defList = new Object;
3965. defList.defId="notAfter";
3966. defList.defConstraint="null";
3967. defList.defName="Not After";
3968. defList.defSyntax="string";
3969. defList.defVal="2019-04-30 20:30:23";
3970. record.defListSet[1] = defList;
3971. record.defDesc="This default populates a Certificate Validity to the request. The default values are Range=720 in days";
3972. recordSet[1] = record;
3973. record = new Object;
3974. record.conDesc="This constraint accepts the key only if Key Type=-, Key Parameters =1024,2048,3072,4096,nistp256,nistp384,nistp521";
3975. record.policyId="3";
3976. record.defListSet = new Array;
3977. defList = new Object;
3978. defList.defId="TYPE";
3979. defList.defConstraint="readonly";
3980. defList.defName="Key Type";
3981. defList.defSyntax="string";
3982. defList.defVal="RSA - 1.2.840.113549.1.1.1";
3983. record.defListSet[0] = defList;
3984. defList = new Object;
3985. defList.defId="LEN";
3986. defList.defConstraint="readonly";
3987. defList.defName="Key Length";
3988. defList.defSyntax="string";
3989. defList.defVal="2048";
3990. record.defListSet[1] = defList;
3991. defList = new Object;
3992. defList.defId="KEY";
3993. defList.defConstraint="readonly";
3994. defList.defName="Key";
3995. defList.defSyntax="string";
3996. defList.defVal="30:82:01:0A:02:82:01:01:00:C9:6E:E5:EF:17:73:E5:\n61:47:2C:B2:F1:A8:05:59:28:65:B1:0A:32:A1:25:30:\nC3:FB:86:8E:08:78:BF:05:7A:80:C1:4A:C5:A3:3A:51:\n2E:3D:63:D1:1D:BA:7A:49:74:F8:0F:40:B8:E7:F7:CA:\nFF:6D:38:DA:A4:68:1B:1F:1C:F6:ED:D5:46:2C:46:C7:\nE8:AF:DE:34:54:46:06:10:2A:1A:17:A4:09:AD:BF:F5:\nA6:D0:87:74:D1:14:9A:11:E6:FC:A1:2A:0E:6D:C9:59:\n30:FA:A7:1E:CA:9D:A9:C5:C2:D2:D5:77:D5:4E:68:43:\n20:BB:BE:D1:DA:D3:03:65:C1:3B:BA:10:13:03:4A:B8:\nE0:5F:39:1C:58:A3:1A:38:DD:60:3B:8A:39:30:CF:98:\n33:D1:6A:F8:2D:51:96:2A:7F:AC:0A:D3:7B:9D:8D:57:\n8B:E4:7F:07:C6:7D:42:46:2B:45:77:60:F2:E9:3E:49:\nB1:E0:48:50:9A:77:24:EF:82:B0:FF:17:F2:D3:16:DD:\nEB:2B:F3:FF:1C:23:1C:94:AF:0C:48:1E:2E:BF:56:59:\n4B:0E:57:BE:32:C1:3F:36:72:91:A9:71:38:F5:3E:2A:\n31:F1:62:53:46:8D:4B:05:D9:31:A8:D0:BC:01:D4:52:\nF9:EF:7C:0A:EF:5E:FE:29:ED:02:03:01:00:01\n";
3997. record.defListSet[2] = defList;
3998. record.defDesc="This default populates a User-Supplied Certificate Key to the request.";
3999. recordSet[2] = record;
4000. record = new Object;
4001. record.conDesc="No Constraint";
4002. record.policyId="4";
4003. record.defListSet = new Array;
4004. defList = new Object;
4005. defList.defId="critical";
4006. defList.defConstraint="readonly";
4007. defList.defName="Criticality";
4008. defList.defSyntax="string";
4009. defList.defVal="false";
4010. record.defListSet[0] = defList;
4011. defList = new Object;
4012. defList.defId="keyid";
4013. defList.defConstraint="readonly";
4014. defList.defName="Key ID";
4015. defList.defSyntax="string";
4016. defList.defVal="CA:14:72:73:F8:4E:60:E3:E2:1F:99:7C:BC:22:AD:98:\n43:35:DE:F3\n";
4017. record.defListSet[1] = defList;
4018. record.defDesc="This default populates an Authority Key Identifier Extension (2.5.29.35) to the request.";
4019. recordSet[3] = record;
4020. record = new Object;
4021. record.conDesc="No Constraint";
4022. record.policyId="5";
4023. record.defListSet = new Array;
4024. defList = new Object;
4025. defList.defId="authInfoAccessCritical";
4026. defList.defConstraint="null";
4027. defList.defName="Criticality";
4028. defList.defSyntax="boolean";
4029. defList.defVal="false";
4030. record.defListSet[0] = defList;
4031. defList = new Object;
4032. defList.defId="authInfoAccessGeneralNames";
4033. defList.defConstraint="null";
4034. defList.defName="General Names";
4035. defList.defSyntax="string_list";
4036. defList.defVal="Record #0\r\nMethod:1.3.6.1.5.5.7.48.1\r\nLocation Type:URIName\r\nLocation:http://ipa-ca.rdlg.net/ca/ocsp\r\nEnable:true\r\n\r\n";
4037. record.defListSet[1] = defList;
4038. record.defDesc="This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality=false, Record #0{Method:1.3.6.1.5.5.7.48.1,Location Type:URIName,Location:,Enable:true}";
4039. recordSet[4] = record;
4040. record = new Object;
4041. record.conDesc="This constraint accepts the Key Usage extension, if present, only when Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false";
4042. record.policyId="6";
4043. record.defListSet = new Array;
4044. defList = new Object;
4045. defList.defId="keyUsageCritical";
4046. defList.defConstraint="null";
4047. defList.defName="Criticality";
4048. defList.defSyntax="boolean";
4049. defList.defVal="true";
4050. record.defListSet[0] = defList;
4051. defList = new Object;
4052. defList.defId="keyUsageDigitalSignature";
4053. defList.defConstraint="null";
4054. defList.defName="Digital Signature";
4055. defList.defSyntax="boolean";
4056. defList.defVal="true";
4057. record.defListSet[1] = defList;
4058. defList = new Object;
4059. defList.defId="keyUsageNonRepudiation";
4060. defList.defConstraint="null";
4061. defList.defName="Non-Repudiation";
4062. defList.defSyntax="boolean";
4063. defList.defVal="true";
4064. record.defListSet[2] = defList;
4065. defList = new Object;
4066. defList.defId="keyUsageKeyEncipherment";
4067. defList.defConstraint="null";
4068. defList.defName="Key Encipherment";
4069. defList.defSyntax="boolean";
4070. defList.defVal="true";
4071. record.defListSet[3] = defList;
4072. defList = new Object;
4073. defList.defId="keyUsageDataEncipherment";
4074. defList.defConstraint="null";
4075. defList.defName="Data Encipherment";
4076. defList.defSyntax="boolean";
4077. defList.defVal="true";
4078. record.defListSet[4] = defList;
4079. defList = new Object;
4080. defList.defId="keyUsageKeyAgreement";
4081. defList.defConstraint="null";
4082. defList.defName="Key Agreement";
4083. defList.defSyntax="boolean";
4084. defList.defVal="false";
4085. record.defListSet[5] = defList;
4086. defList = new Object;
4087. defList.defId="keyUsageKeyCertSign";
4088. defList.defConstraint="null";
4089. defList.defName="Key CertSign";
4090. defList.defSyntax="boolean";
4091. defList.defVal="false";
4092. record.defListSet[6] = defList;
4093. defList = new Object;
4094. defList.defId="keyUsageCrlSign";
4095. defList.defConstraint="null";
4096. defList.defName="CRL Sign";
4097. defList.defSyntax="boolean";
4098. defList.defVal="false";
4099. record.defListSet[7] = defList;
4100. defList = new Object;
4101. defList.defId="keyUsageEncipherOnly";
4102. defList.defConstraint="null";
4103. defList.defName="Encipher Only";
4104. defList.defSyntax="boolean";
4105. defList.defVal="false";
4106. record.defListSet[8] = defList;
4107. defList = new Object;
4108. defList.defId="keyUsageDecipherOnly";
4109. defList.defConstraint="null";
4110. defList.defName="Decipher Only";
4111. defList.defSyntax="boolean";
4112. defList.defVal="false";
4113. record.defListSet[9] = defList;
4114. record.defDesc="This default populates a Key Usage Extension (2.5.29.15) to the request. The default values are Criticality=true, Digital Signature=true, Non-Repudiation=true, Key Encipherment=true, Data Encipherment=true, Key Agreement=false, Key Certificate Sign=false, Key CRL Sign=false, Encipher Only=false, Decipher Only=false";
4115. recordSet[5] = record;
4116. record = new Object;
4117. record.conDesc="No Constraint";
4118. record.policyId="7";
4119. record.defListSet = new Array;
4120. defList = new Object;
4121. defList.defId="exKeyUsageCritical";
4122. defList.defConstraint="null";
4123. defList.defName="Criticality";
4124. defList.defSyntax="boolean";
4125. defList.defVal="false";
4126. record.defListSet[0] = defList;
4127. defList = new Object;
4128. defList.defId="exKeyUsageOIDs";
4129. defList.defConstraint="null";
4130. defList.defName="Comma-Separated list of Object Identifiers";
4131. defList.defSyntax="string_list";
4132. defList.defVal="1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2";
4133. record.defListSet[1] = defList;
4134. record.defDesc="This default populates an Extended Key Usage Extension () to the request. The default values are Criticality=false, OIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2";
4135. recordSet[6] = record;
4136. record = new Object;
4137. record.conDesc="This constraint accepts only the Signing Algorithms of SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC";
4138. record.policyId="8";
4139. record.defListSet = new Array;
4140. defList = new Object;
4141. defList.defId="signingAlg";
4142. defList.defConstraint="SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA";
4143. defList.defName="Signing Algorithm";
4144. defList.defSyntax="choice";
4145. defList.defVal="SHA256withRSA";
4146. record.defListSet[0] = defList;
4147. record.defDesc="This default populates the Certificate Signing Algorithm. The default values are Algorithm=SHA256withRSA";
4148. recordSet[7] = record;
4149. profileDesc="This certificate profile is for enrolling server certificates.";
4150. inputListSet = new Array;
4151. inputList = new Object;
4152. inputList.inputId="cert_request_type";
4153. inputList.inputName="Certificate Request Type";
4154. inputList.inputVal="pkcs10";
4155. inputList.inputSyntax="cert_request_type";
4156. inputList.inputConstraint="null";
4157. inputListSet[0] = inputList;
4158. inputList = new Object;
4159. inputList.inputId="cert_request";
4160. inputList.inputName="Certificate Request";
4161. inputList.inputVal="MIICaTCCAVECAQAwJDERMA8GA1UEChMIUkRMRy5ORVQxDzANBgNVBAMTBklQQSBS\r\nQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlu5e8Xc+VhRyyy8agF\r\nWShlsQoyoSUww/uGjgh4vwV6gMFKxaM6US49Y9EdunpJdPgPQLjn98r/bTjapGgb\r\nHxz27dVGLEbH6K/eNFRGBhAqGhekCa2/9abQh3TRFJoR5vyhKg5tyVkw+qceyp2p\r\nxcLS1XfVTmhDILu+0drTA2XBO7oQEwNKuOBfORxYoxo43WA7ijkwz5gz0Wr4LVGW\r\nKn+sCtN7nY1Xi+R/B8Z9QkYrRXdg8uk+SbHgSFCadyTvgrD/F/LTFt3rK/P/HCMc\r\nlK8MSB4uv1ZZSw5XvjLBPzZykalxOPU+KjHxYlNGjUsF2TGo0LwB1FL573wK717+\r\nKe0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCcjwvNBRYY9ssiXkZ5DUKluWIz\r\n2ppI50X5LNlUAcvWAc5S6ncQ09R/8K/6fSrCb37ur12fhFtgRdrBNvKJudDBBmNu\r\nJYt3DOGo8dQhyG9Oz3kU0gdOnhCVcAF2bsTcyjKcZk9M/SCRd3QViXApOf+BXw/s\r\n4H/LKpqEBeMdEypRIZ3QGDl+fhUBAg7mcvFmgBSodYymAePxc4DAx7O2No9/M4Bj\r\nDj7Tr/7hyXWaU/rb1Or30xunW7doxIzO7sfix9PbdQSqVjrBGxrw2xOu+lc4DpAU\r\nSre49sLKmW4LEP0+ar/vpg6rWm13bEbG0VtfxQWplUbCz0V8OmB9E4dBPeS1\n";
4162. inputList.inputSyntax="cert_request";
4163. inputList.inputConstraint="null";
4164. inputListSet[1] = inputList;
4165. inputList = new Object;
4166. inputList.inputId="requestor_name";
4167. inputList.inputName="Requestor Name";
4168. inputList.inputVal="IPA Installer";
4169. inputList.inputSyntax="string";
4170. inputList.inputConstraint="null";
4171. inputListSet[2] = inputList;
4172. inputList = new Object;
4173. inputList.inputId="requestor_email";
4174. inputList.inputName="Requestor Email";
4175. inputList.inputVal="null";
4176. inputList.inputSyntax="string";
4177. inputList.inputConstraint="null";
4178. inputListSet[3] = inputList;
4179. inputList = new Object;
4180. inputList.inputId="requestor_phone";
4181. inputList.inputName="Requestor Phone";
4182. inputList.inputVal="null";
4183. inputList.inputSyntax="string";
4184. inputList.inputConstraint="null";
4185. inputListSet[4] = inputList;
4186. errorCode="0";
4187. requestModificationTime="Wed May 10 20:30:23 MDT 2017";
4188. profileRemoteAddr="172.20.0.200";
4189. profileName="Manual Server Certificate Enrollment";
4190. profileApprovedBy="admin";
4191. requestOwner="";
4192. profileId="caServerCert";
4193. profileRemoteHost="172.20.0.200";
4194. profileIsVisible="true";
4195. requestId="7";
4196. errorReason="";
4197. requestStatus="pending";
4198. requestCreationTime="Wed May 10 20:30:23 MDT 2017";
4199. outputListSet = new Array;
4200. outputList = new Object;
4201. outputList.outputId="pretty_cert";
4202. outputList.outputSyntax="pretty_print";
4203. outputList.outputVal="null";
4204. outputList.outputName="Certificate Pretty Print";
4205. outputList.outputConstraint="null";
4206. outputListSet[0] = outputList;
4207. outputList = new Object;
4208. outputList.outputId="b64_cert";
4209. outputList.outputSyntax="pretty_print";
4210. outputList.outputVal="null";
4211. outputList.outputName="Certificate Base-64 Encoded";
4212. outputList.outputConstraint="null";
4213. outputListSet[1] = outputList;
4214. profileSetId="serverCertSet";
4215. </script>
4216. <style>
4217. TABLE { border-spacing: 0 0; }
4218. </style>
4219.  
4220. <script type="text/javascript">
4221. function escapeValue(value)
4222. {
4223. return value.replace(/"/g,'&quot;');
4224. }
4225.  
4226. function addEscapes(str)
4227. {
4228. var outStr = str.replace(/</g, "&lt;");
4229. outStr = outStr.replace(/>/g, "&gt;");
4230. return outStr;
4231. }
4232.  
4233. document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
4234. document.writeln(requestId);
4235. document.writeln('<br></font>');
4236. </script>
4237. <font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
4238. <table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
4239. width="100%">
4240. <tr>
4241. <td>&nbsp;</td>
4242. </tr>
4243. </table>
4244. <p>
4245. <script type="text/javascript">
4246. if (requestStatus == 'pending') {
4247. document.writeln('<form method=post action="profileProcess">');
4248. document.writeln('<input type=hidden name=requestId value=' + requestId + '>');
4249. }
4250. document.writeln('<p>');
4251. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Request Information</FONT></TD></TR></TABLE>');
4252. document.writeln('<table border=1 width=100%>');
4253. document.writeln('<tr>');
4254. document.writeln('<td width=20%>');
4255. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4256. document.writeln('<b>Request ID:</b>');
4257. document.writeln('</FONT>');
4258. document.writeln('</td>');
4259. document.writeln('<td>');
4260. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4261. document.writeln(requestId);
4262. document.writeln('</FONT>');
4263. document.writeln('</td>');
4264. document.writeln('</tr>');
4265. document.writeln('<tr>');
4266. document.writeln('<td>');
4267. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4268. document.writeln('<b>Request Type:</b>');
4269. document.writeln('</FONT>');
4270. document.writeln('</td>');
4271. document.writeln('<td>');
4272. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4273. document.writeln(requestType);
4274. document.writeln('</FONT>');
4275. document.writeln('</td>');
4276. document.writeln('</tr>');
4277. document.writeln('<tr>');
4278. document.writeln('<td>');
4279. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4280. document.writeln('<b>Request Status:</b>');
4281. document.writeln('</FONT>');
4282. document.writeln('</td>');
4283. document.writeln('<td>');
4284. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4285. document.writeln(requestStatus);
4286. document.writeln('</FONT>');
4287. document.writeln('</td>');
4288. document.writeln('</tr>');
4289. document.writeln('<tr>');
4290. document.writeln('<td>');
4291. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4292. document.writeln('<b>Requestor Host:</b>');
4293. document.writeln('</FONT>');
4294. document.writeln('</td>');
4295. document.writeln('<td>');
4296. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4297. document.writeln(profileRemoteHost);
4298. document.writeln('</FONT>');
4299. document.writeln('</td>');
4300. document.writeln('</tr>');
4301. document.writeln('<tr>');
4302. document.writeln('<td>');
4303. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4304. document.writeln('<b>Assigned To:</b>');
4305. document.writeln('</FONT>');
4306. document.writeln('</td>');
4307. document.writeln('<td>');
4308. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4309. document.writeln(requestOwner);
4310. document.writeln('</FONT>');
4311. document.writeln('</td>');
4312. document.writeln('</tr>');
4313. document.writeln('<tr>');
4314. document.writeln('<td>');
4315. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4316. document.writeln('<b>Creation Time:</b>');
4317. document.writeln('</FONT>');
4318. document.writeln('</td>');
4319. document.writeln('<td>');
4320. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4321. document.writeln(requestCreationTime);
4322. document.writeln('</FONT>');
4323. document.writeln('</td>');
4324. document.writeln('</tr>');
4325. document.writeln('<tr>');
4326. document.writeln('<td>');
4327. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4328. document.writeln('<b>Modification Time:</b>');
4329. document.writeln('</FONT>');
4330. document.writeln('</td>');
4331. document.writeln('<td>');
4332. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4333. document.writeln(requestModificationTime);
4334. document.writeln('</FONT>');
4335. document.writeln('</td>');
4336. document.writeln('</tr>');
4337. document.writeln('</table>');
4338. document.writeln('<p>');
4339. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information</FONT></TD></TR></TABLE>');
4340. document.writeln('<table border=1 width=100%>');
4341. document.writeln('<tr>');
4342. document.writeln('<td width=20%>');
4343. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4344. document.writeln('<b>Certificate Profile Id:</b>');
4345. document.writeln('</FONT>');
4346. document.writeln('</td>');
4347. document.writeln('<td>');
4348. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4349. document.writeln(profileId);
4350. document.writeln('</FONT>');
4351. document.writeln('</td>');
4352. document.writeln('</tr>');
4353. document.writeln('<tr>');
4354. document.writeln('<td width=20%>');
4355. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4356. document.writeln('<b>Approved By:</b>');
4357. document.writeln('</FONT>');
4358. document.writeln('</td>');
4359. document.writeln('<td>');
4360. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4361. document.writeln(profileApprovedBy);
4362. document.writeln('</FONT>');
4363. document.writeln('</td>');
4364. document.writeln('</tr>');
4365. document.writeln('<tr>');
4366. document.writeln('<td>');
4367. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4368. document.writeln('<b>Certificate Profile Name:</b>');
4369. document.writeln('</FONT>');
4370. document.writeln('</td>');
4371. document.writeln('<td>');
4372. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4373. document.writeln(profileName);
4374. document.writeln('</FONT>');
4375. document.writeln('</td>');
4376. document.writeln('</tr>');
4377. document.writeln('<tr>');
4378. document.writeln('<td>');
4379. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4380. document.writeln('<b>Certificate Profile Description:</b>');
4381. document.writeln('</FONT>');
4382. document.writeln('</td>');
4383. document.writeln('<td>');
4384. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4385. document.writeln(profileDesc);
4386. document.writeln('</FONT>');
4387. document.writeln('</td>');
4388. document.writeln('</tr>');
4389. document.writeln('</table>');
4390. document.writeln('<p>');
4391. if (requestStatus != 'pending') {
4392. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
4393. document.writeln('<table width=100% border=1>');
4394. document.writeln('<tr>');
4395. document.writeln('<td>');
4396. document.writeln(requestNotes);
4397. document.writeln('</td>');
4398. document.writeln('</tr>');
4399. document.writeln('</table>');
4400. document.writeln('<p>');
4401. }
4402. if (profileIsVisible == 'true') {
4403. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Inputs</FONT></TD></TR></TABLE>');
4404. document.writeln('<table border=1 width=100%>');
4405. document.writeln('<tr>');
4406. document.writeln('<td width=20%>');
4407. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4408. document.writeln('<b>Id</b>');
4409. document.writeln('</FONT>');
4410. document.writeln('</td>');
4411. document.writeln('<td width=40%>');
4412. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4413. document.writeln('<b>Input Names</b>');
4414. document.writeln('</FONT>');
4415. document.writeln('</td>');
4416. document.writeln('<td>');
4417. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4418. document.writeln('<b>Input Values</b>');
4419. document.writeln('</FONT>');
4420. document.writeln('</td>');
4421. document.writeln('</tr>');
4422. for (var i = 0; i < inputListSet.length; i++) {
4423. document.writeln('<tr>');
4424. document.writeln('<td>');
4425. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4426. document.writeln(inputListSet[i].inputId);
4427. document.writeln('</FONT>');
4428. document.writeln('</td>');
4429. document.writeln('<td>');
4430. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4431. document.writeln(inputListSet[i].inputName);
4432. document.writeln('</FONT>');
4433. document.writeln('</td>');
4434. document.writeln('<td>');
4435. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4436. document.writeln(addEscapes(inputListSet[i].inputVal));
4437. document.writeln('</FONT>');
4438. document.writeln('</td>');
4439. document.writeln('</tr>');
4440. }
4441. document.writeln('</table>');
4442. document.writeln('<p>');
4443. }
4444. if (requestStatus == 'complete') {
4445. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Outputs</FONT></TD></TR></TABLE>');
4446. for (var i = 0; i < outputListSet.length; i++) {
4447. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
4448. );
4449. document.writeln('<li>');
4450. document.writeln(outputListSet[i].outputName);
4451. document.writeln('</FONT>');
4452. document.writeln('<p>');
4453. if (outputListSet[i].outputSyntax == 'string') {
4454. document.writeln(outputListSet[i].outputVal);
4455. } else if (outputListSet[i].outputSyntax == 'pretty_print') {
4456. document.writeln('<pre>');
4457. document.writeln(outputListSet[i].outputVal);
4458. document.writeln('</pre>');
4459. } else if (outputListSet[i].outputSyntax == 'der_b64') {
4460. document.writeln('<pre>');
4461. document.writeln('-----BEGIN CERTIFICATE-----');
4462. document.writeln(outputListSet[i].outputVal);
4463. document.writeln('-----END CERTIFICATE-----');
4464. document.writeln('</pre>');
4465. }
4466. document.writeln('</p>');
4467. }
4468. }
4469. if (requestStatus == 'pending') {
4470. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Policy Information</FONT></TD></TR></TABLE>');
4471. document.writeln('<table>');
4472. document.writeln('<tr>');
4473. document.writeln('<td width=20%>');
4474. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4475. document.writeln('<b>Certificate Profile Set Id:</b>');
4476. document.writeln('</FONT>');
4477. document.writeln('</td>');
4478. document.writeln('<td>');
4479. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4480. document.writeln(profileSetId);
4481. document.writeln('</FONT>');
4482. document.writeln('</td>');
4483. document.writeln('</tr>');
4484. document.writeln('</table>');
4485. document.writeln('<table border=1 width=100%>');
4486. document.writeln('<tr>');
4487. document.writeln('<td width=10%>');
4488. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4489. document.writeln('<b>#</b>');
4490. document.writeln('</FONT>');
4491. document.writeln('</td>');
4492. document.writeln('<td width=45%>');
4493. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4494. document.writeln('<b>Extensions / Fields</b>');
4495. document.writeln('</FONT>');
4496. document.writeln('</td>');
4497. document.writeln('<td width=45%>');
4498. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4499. document.writeln('<b>Constraints</b>');
4500. document.writeln('</FONT>');
4501. document.writeln('</td>');
4502. document.writeln('</tr>');
4503. for (var i = 0; i < recordSet.length; i++) {
4504. document.writeln('<tr valign=top>');
4505. document.writeln('<td>');
4506. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4507. document.writeln(recordSet[i].policyId);
4508. document.writeln('</FONT>');
4509. document.writeln('</td>');
4510. document.writeln('<td>');
4511. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4512. document.writeln(recordSet[i].defDesc);
4513. document.writeln('</FONT>');
4514. document.writeln('<p>');
4515. document.writeln('<table width=100%>');
4516. for (var j = 0; j < recordSet[i].defListSet.length; j++) {
4517. document.writeln('<tr valign=top>');
4518. if (typeof(recordSet[i].defListSet[j].defName) != 'undefined') {
4519. document.writeln('<td width=30%><i>');
4520. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4521. document.writeln(recordSet[i].defListSet[j].defName + ':');
4522. document.writeln('</FONT>');
4523. document.writeln('</i></td>');
4524. document.writeln('<td width=70%>');
4525. if (recordSet[i].defListSet[j].defConstraint == 'readonly') {
4526. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4527. document.writeln(recordSet[i].defListSet[j].defVal);
4528. document.writeln('</FONT>');
4529. } else {
4530. if (recordSet[i].defListSet[j].defSyntax == 'string') {
4531. document.writeln('<input size=32 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + escapeValue(recordSet[i].defListSet[j].defVal) + '">');
4532. } else if (recordSet[i].defListSet[j].defSyntax == 'string_list') {
4533. document.writeln('<textarea cols=40 rows=5 name="' + recordSet[i].defListSet[j].defId + '">' + recordSet[i].defListSet[j].defVal + '</textarea>');
4534. } else if (recordSet[i].defListSet[j].defSyntax == 'integer') {
4535. document.writeln('<input size=6 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
4536. } else if (recordSet[i].defListSet[j].defSyntax == 'image_url') {
4537. document.writeln('<img border=0 src="' + recordSet[i].defListSet[j].defVal + '">');
4538. document.writeln('<input type=hidden name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
4539. } else if (recordSet[i].defListSet[j].defSyntax == 'choice') {
4540. document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
4541. var c = recordSet[i].defListSet[j].defConstraint.split(',');
4542. for(var k = 0; k < c.length; k++) {
4543. if (recordSet[i].defListSet[j].defVal == c[k]) {
4544. document.writeln('<option selected value=' + c[k] + '>');
4545. } else {
4546. document.writeln('<option value=' + c[k] + '>');
4547. }
4548. document.writeln(c[k]);
4549. document.writeln('</option>');
4550. }
4551.  
4552. document.writeln('</select>');
4553. } else if (recordSet[i].defListSet[j].defSyntax == 'boolean') {
4554. document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
4555. if (recordSet[i].defListSet[j].defVal == 'true') {
4556. document.writeln('<option selected value=true>true</option>');
4557. document.writeln('<option value=false>false</option>');
4558. } else {
4559. document.writeln('<option value=true>true</option>');
4560. document.writeln('<option selected value=false>false</option>');
4561. }
4562. document.writeln('</select>');
4563. }
4564. }
4565. document.writeln('</td>');
4566. }
4567. document.writeln('</tr>');
4568. }
4569. document.writeln('</table>');
4570. document.writeln('</td>');
4571. document.writeln('<td>');
4572. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4573. document.writeln(recordSet[i].conDesc);
4574. document.writeln('</FONT>');
4575. document.writeln('</td>');
4576. document.writeln('</tr>');
4577. } // for
4578. document.writeln('</table>');
4579. document.writeln('<p>');
4580. document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
4581. document.writeln('<textarea cols=40 rows=5 name="requestNotes">' + requestNotes + '</textarea>');
4582. document.writeln('<p>');
4583. document.writeln('<SELECT NAME="op">');
4584. document.writeln('<OPTION VALUE="update">Update request</OPTION>');
4585. document.writeln('<OPTION VALUE="validate">Validate request</OPTION>');
4586. document.writeln('<OPTION SELECTED VALUE="approve">Approve request</OPTION>');
4587. document.writeln('<OPTION VALUE="reject">Reject request</OPTION>');
4588. document.writeln('<OPTION VALUE="cancel">Cancel request</OPTION>');
4589. document.writeln('<OPTION VALUE="assign">Assign request</OPTION>');
4590. document.writeln('<OPTION VALUE="unassign">Unassign request</OPTION>');
4591. document.writeln('</SELECT>');
4592. if (typeof(nonce) != "undefined") {
4593. document.writeln("<INPUT TYPE=hidden name=nonce value=\"" + nonce +"\">");
4594. }
4595. document.writeln('<input type=submit name=submit value=submit>');
4596. document.writeln('</form>');
4597. } // if
4598. </script>
4599. </html>
4600.  
4601. Subject: CN=ipa.rdlg.net,O=RDLG.NET
4602. Issuer : CN=Certificate Authority,O=RDLG.NET
4603. bulk cipher AES-256, 256 secret key bits, 256 key bits, status: 1
4604.  
4605. 2017-05-11T02:30:24Z DEBUG stderr=GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0
4606. Host: ipa.rdlg.net:8443
4607.  
4608. port: 8443
4609. addr='ipa.rdlg.net'
4610. family='2'
4611. IP='172.20.0.200'
4612. Called mygetclientauthdata - nickname = ipa-ca-agent
4613. mygetclientauthdata - cert = 1430a70
4614. mygetclientauthdata - privkey = 1473130
4615. PR_Write wrote 80 bytes from bigBuf
4616. bytes: [GET /ca/agent/ca/profileReview?requestId=7 HTTP/1.0
4617. Host: ipa.rdlg.net:8443
4618.  
4619. ]
4620. do_writes shutting down send socket
4621. do_writes exiting with (result = 0)
4622. connection 1 read 9000 bytes (9000 total).
4623. these bytes read:
4624. connection 1 read 9000 bytes (18000 total).
4625. these bytes read:
4626. connection 1 read 9000 bytes (27000 total).
4627. these bytes read:
4628. connection 1 read 2697 bytes (29697 total).
4629. these bytes read:
4630. connection 1 read 29697 bytes total. -----------------------------
4631. Done with possible addresses - exiting.
4632.  
4633. 2017-05-11T02:30:24Z DEBUG Starting external process
4634. 2017-05-11T02:30:24Z DEBUG args=/usr/bin/sslget -v -n ipa-ca-agent -p XXXXXXXX -d /tmp/tmp-2dhsv2 -e exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2017-05-10+20%3A30%3A23&keyUsageCritical=true&submit=submit&notAfter=2019-04-30+20%3A30%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve -r /ca/agent/ca/profileProcess ipa.rdlg.net:8443
4635. 2017-05-11T02:30:24Z DEBUG Process finished, return code=0
4636. 2017-05-11T02:30:24Z DEBUG stdout=HTTP/1.1 200 OK
4637. Server: Apache-Coyote/1.1
4638. Content-Type: text/html;charset=UTF-8
4639. Date: Thu, 11 May 2017 02:30:24 GMT
4640. Connection: close
4641.  
4642. <!-- --- BEGIN COPYRIGHT BLOCK ---
4643. This program is free software; you can redistribute it and/or modify
4644. it under the terms of the GNU General Public License as published by
4645. the Free Software Foundation; version 2 of the License.
4646.  
4647. This program is distributed in the hope that it will be useful,
4648. but WITHOUT ANY WARRANTY; without even the implied warranty of
4649. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
4650. GNU General Public License for more details.
4651.  
4652. You should have received a copy of the GNU General Public License along
4653. with this program; if not, write to the Free Software Foundation, Inc.,
4654. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
4655.  
4656. Copyright (C) 2007 Red Hat, Inc.
4657. All rights reserved.
4658. --- END COPYRIGHT BLOCK --- -->
4659. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
4660. <html>
4661. <script type="text/javascript">
4662. outputListSet = new Array;
4663. outputList = new Object;
4664. outputList.outputId="pretty_cert";
4665. outputList.outputSyntax="pretty_print";
4666. outputList.outputVal=" Certificate: \n Data: \n Version: v3\n Serial Number: 0x7\n Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Issuer: CN=Certificate Authority,O=RDLG.NET\n Validity: \n Not Before: Wednesday, May 10, 2017 8:30:23 PM MDT America/Denver\n Not After: Tuesday, April 30, 2019 8:30:23 PM MDT America/Denver\n Subject: CN=IPA RA,O=RDLG.NET\n Subject Public Key Info: \n Algorithm: RSA - 1.2.840.113549.1.1.1\n Public Key: \n Exponent: 65537\n Public Key Modulus: (2048 bits) :\n C9:6E:E5:EF:17:73:E5:61:47:2C:B2:F1:A8:05:59:28:\n 65:B1:0A:32:A1:25:30:C3:FB:86:8E:08:78:BF:05:7A:\n 80:C1:4A:C5:A3:3A:51:2E:3D:63:D1:1D:BA:7A:49:74:\n F8:0F:40:B8:E7:F7:CA:FF:6D:38:DA:A4:68:1B:1F:1C:\n F6:ED:D5:46:2C:46:C7:E8:AF:DE:34:54:46:06:10:2A:\n 1A:17:A4:09:AD:BF:F5:A6:D0:87:74:D1:14:9A:11:E6:\n FC:A1:2A:0E:6D:C9:59:30:FA:A7:1E:CA:9D:A9:C5:C2:\n D2:D5:77:D5:4E:68:43:20:BB:BE:D1:DA:D3:03:65:C1:\n 3B:BA:10:13:03:4A:B8:E0:5F:39:1C:58:A3:1A:38:DD:\n 60:3B:8A:39:30:CF:98:33:D1:6A:F8:2D:51:96:2A:7F:\n AC:0A:D3:7B:9D:8D:57:8B:E4:7F:07:C6:7D:42:46:2B:\n 45:77:60:F2:E9:3E:49:B1:E0:48:50:9A:77:24:EF:82:\n B0:FF:17:F2:D3:16:DD:EB:2B:F3:FF:1C:23:1C:94:AF:\n 0C:48:1E:2E:BF:56:59:4B:0E:57:BE:32:C1:3F:36:72:\n 91:A9:71:38:F5:3E:2A:31:F1:62:53:46:8D:4B:05:D9:\n 31:A8:D0:BC:01:D4:52:F9:EF:7C:0A:EF:5E:FE:29:ED\n Extensions: \n Identifier: Authority Key Identifier - 2.5.29.35\n Critical: no \n Key Identifier: \n CA:14:72:73:F8:4E:60:E3:E2:1F:99:7C:BC:22:AD:98:\n 43:35:DE:F3\n Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n Critical: no \n Access Description: \n Method #0: ocsp\n Location #0: URIName: http://ipa-ca.rdlg.net/ca/ocsp\n Identifier: Key Usage: - 2.5.29.15\n Critical: yes \n Key Usage: \n Digital Signature \n Non Repudiation \n Key Encipherment \n Data Encipherment \n Identifier: Extended Key Usage: - 2.5.29.37\n Critical: no \n Extended Key Usage: \n 1.3.6.1.5.5.7.3.1\n 1.3.6.1.5.5.7.3.2\n Signature: \n Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n Signature: \n 3B:8C:98:2F:C1:51:E0:D2:01:BC:55:30:E8:0D:A5:B0:\n 1B:D2:2F:11:5F:1F:45:24:FD:8B:FF:AB:68:FE:5C:58:\n 65:E2:14:C5:0A:CD:9C:81:80:79:23:FF:67:55:2B:1F:\n 0F:0A:19:97:8D:FC:41:19:C5:51:90:B8:CD:BD:62:B9:\n 88:A7:2D:A7:63:25:67:6B:08:47:FA:88:42:96:09:98:\n AB:21:6A:5E:45:20:5D:61:0F:4F:40:67:32:77:D7:DC:\n 26:45:89:AF:51:DD:17:5C:FA:EF:44:73:95:CC:4C:73:\n C9:EC:88:10:9D:CF:5C:EE:69:05:C4:29:3F:00:1A:CB:\n AC:40:8D:8F:EF:A9:61:9B:8F:2B:39:C8:0D:E5:99:BC:\n ED:5F:4C:79:F1:25:0B:95:16:5A:D7:87:1E:17:F9:7D:\n BC:9B:83:94:C7:26:11:9B:FE:7F:6F:B3:9B:83:FA:EB:\n C1:0F:6F:47:9B:3D:B7:E5:57:56:42:85:F9:DD:F9:87:\n 47:3D:7F:C4:B6:91:E1:5F:78:DF:42:E1:3F:91:99:7A:\n 52:FC:08:74:97:D0:89:C0:26:B1:7E:F8:7C:EC:CB:C7:\n D3:F2:24:8E:3C:43:8B:26:7F:6C:27:45:B8:D8:8F:C5:\n 68:28:D1:9F:24:BF:76:82:5F:4C:D1:0F:1D:E5:D3:E1\n FingerPrint\n MD2:\n A6:46:DE:85:1D:25:12:B4:DD:E9:48:67:58:80:8E:88\n MD5:\n A9:2A:01:41:46:08:23:BB:65:17:F7:F1:7B:3C:B3:3A\n SHA-1:\n 34:63:66:A4:AD:92:9D:05:04:70:41:D9:72:6A:CA:D7:\n E7:F1:23:C1\n SHA-256:\n F1:DA:1C:87:30:36:0A:55:6C:07:F7:A8:46:C9:38:27:\n E1:1A:0A:73:43:2A:05:80:8F:43:1A:73:00:2C:A2:42\n SHA-512:\n 25:29:04:96:00:49:77:3C:32:7C:42:B6:7D:A2:2F:69:\n 9E:48:45:6F:EE:8D:C3:CA:A4:A8:83:02:AE:CF:EE:27:\n BF:24:4B:88:FD:DB:FE:A0:90:CD:C7:3A:31:D1:AB:4C:\n 46:6B:77:CE:F3:F0:75:D2:DC:E6:27:57:02:1A:BE:8F\n";
4667. outputList.outputName="Certificate Pretty Print";
4668. outputList.outputConstraint="null";
4669. outputListSet[0] = outputList;
4670. outputList = new Object;
4671. outputList.outputId="b64_cert";
4672. outputList.outputSyntax="pretty_print";
4673. outputList.outputVal="-----BEGIN CERTIFICATE-----\nMIIDYjCCAkqgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH\r\nLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy\r\nMzAyM1oXDTE5MDUwMTAyMzAyM1owJDERMA8GA1UECgwIUkRMRy5ORVQxDzANBgNV\r\nBAMMBklQQSBSQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMlu5e8X\r\nc+VhRyyy8agFWShlsQoyoSUww/uGjgh4vwV6gMFKxaM6US49Y9EdunpJdPgPQLjn\r\n98r/bTjapGgbHxz27dVGLEbH6K/eNFRGBhAqGhekCa2/9abQh3TRFJoR5vyhKg5t\r\nyVkw+qceyp2pxcLS1XfVTmhDILu+0drTA2XBO7oQEwNKuOBfORxYoxo43WA7ijkw\r\nz5gz0Wr4LVGWKn+sCtN7nY1Xi+R/B8Z9QkYrRXdg8uk+SbHgSFCadyTvgrD/F/LT\r\nFt3rK/P/HCMclK8MSB4uv1ZZSw5XvjLBPzZykalxOPU+KjHxYlNGjUsF2TGo0LwB\r\n1FL573wK717+Ke0CAwEAAaOBjzCBjDAfBgNVHSMEGDAWgBTKFHJz+E5g4+IfmXy8\r\nIq2YQzXe8zA6BggrBgEFBQcBAQQuMCwwKgYIKwYBBQUHMAGGHmh0dHA6Ly9pcGEt\r\nY2EucmRsZy5uZXQvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYI\r\nKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQA7jJgvwVHg0gG8\r\nVTDoDaWwG9IvEV8fRST9i/+raP5cWGXiFMUKzZyBgHkj/2dVKx8PChmXjfxBGcVR\r\nkLjNvWK5iKctp2MlZ2sIR/qIQpYJmKshal5FIF1hD09AZzJ319wmRYmvUd0XXPrv\r\nRHOVzExzyeyIEJ3PXO5pBcQpPwAay6xAjY/vqWGbjys5yA3lmbztX0x58SULlRZa\r\n14ceF/l9vJuDlMcmEZv+f2+zm4P668EPb0ebPbflV1ZChfnd+YdHPX/EtpHhX3jf\r\nQuE/kZl6UvwIdJfQicAmsX74fOzLx9PyJI48Q4smf2wnRbjYj8VoKNGfJL92gl9M\r\n0Q8d5dPh\r\n-----END CERTIFICATE-----\n";
4674. outputList.outputName="Certificate Base-64 Encoded";
4675. outputList.outputConstraint="null";
4676. outputListSet[1] = outputList;
4677. errorReason="";
4678. requestType="enrollment";
4679. profileId="caServerCert";
4680. requestId="7";
4681. errorCode="0";
4682. requestStatus="complete";
4683. op="approve";
4684. </script>
4685.  
4686. <script type="text/javascript">
4687. function addEscapes(str)
4688. {
4689. var outStr = str.replace(/</g, "&lt;");
4690. outStr = outStr.replace(/>/g, "&gt;");
4691. return outStr;
4692. }
4693.  
4694. document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
4695. if (typeof(requestId) != "undefined") {
4696. document.writeln(requestId);
4697. }
4698. document.writeln('<br></font>');
4699. </script>
4700. <font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
4701. <table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
4702. <tr>
4703. <td>&nbsp;</td>
4704. </tr>
4705. </table>
4706. <p>
4707.  
4708. <script type="text/javascript">
4709. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4710. document.writeln('<b>Request Information:</b>');
4711. document.writeln('</FONT>');
4712. document.writeln('<table border=1 width=100%>');
4713. if (typeof(requestId) != "undefined") {
4714. document.writeln('<tr>');
4715. document.writeln('<td width=30%>');
4716. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4717. document.writeln('<b>Request ID:</b>');
4718. document.writeln('</FONT>');
4719. document.writeln('</td>');
4720. document.writeln('<td>');
4721. document.writeln('<a href="profileReview?requestId=' + requestId + '">');
4722. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4723. document.writeln(requestId);
4724. document.writeln('</FONT>');
4725. document.writeln('</a>');
4726. document.writeln('</td>');
4727. document.writeln('</tr>');
4728. }
4729. if (typeof(requestType) != "undefined") {
4730. document.writeln('<tr>');
4731. document.writeln('<td>');
4732. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4733. document.writeln('<b>Request Type:</b>');
4734. document.writeln('</FONT>');
4735. document.writeln('</td>');
4736. document.writeln('<td>');
4737. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4738. document.writeln(requestType);
4739. document.writeln('</FONT>');
4740. document.writeln('</td>');
4741. document.writeln('</tr>');
4742. }
4743. if (typeof(requestStatus) != "undefined") {
4744. document.writeln('<tr>');
4745. document.writeln('<td>');
4746. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4747. document.writeln('<b>Request Status:</b>');
4748. document.writeln('</FONT>');
4749. document.writeln('</td>');
4750. document.writeln('<td>');
4751. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4752. document.writeln(requestStatus);
4753. document.writeln('</FONT>');
4754. document.writeln('</td>');
4755. document.writeln('</tr>');
4756. }
4757. if (typeof(profileId) != "undefined") {
4758. document.writeln('<tr>');
4759. document.writeln('<td>');
4760. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4761. document.writeln('<b>Certificate Profile Id:</b>');
4762. document.writeln('</FONT>');
4763. document.writeln('</td>');
4764. document.writeln('<td>');
4765. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4766. document.writeln(profileId);
4767. document.writeln('</FONT>');
4768. document.writeln('</td>');
4769. document.writeln('</tr>');
4770. }
4771. if (typeof(op) != "undefined") {
4772. document.writeln('<tr>');
4773. document.writeln('<td>');
4774. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4775. document.writeln('<b>Operation Requested:</b>');
4776. document.writeln('</FONT>');
4777. document.writeln('</td>');
4778. document.writeln('<td>');
4779. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4780. document.writeln(op);
4781. document.writeln('</FONT>');
4782. document.writeln('</td>');
4783. document.writeln('</tr>');
4784. }
4785. if (typeof(errorCode) != "undefined") {
4786. document.writeln('<tr>');
4787. document.writeln('<td>');
4788. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4789. document.writeln('<b>Error Code:</b>');
4790. document.writeln('</FONT>');
4791. document.writeln('</td>');
4792. document.writeln('<td>');
4793. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4794. document.writeln(errorCode);
4795. document.writeln('</FONT>');
4796. document.writeln('</td>');
4797. document.writeln('</tr>');
4798. }
4799. if (typeof(errorReason) != "undefined") {
4800. document.writeln('<tr>');
4801. document.writeln('<td>');
4802. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4803. document.writeln('<b>Error Reason:</b>');
4804. document.writeln('</FONT>');
4805. document.writeln('</td>');
4806. document.writeln('<td>');
4807. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
4808. document.writeln(errorReason);
4809. document.writeln('</FONT>');
4810. document.writeln('</td>');
4811. document.writeln('</tr>');
4812. }
4813. document.writeln('</table>');
4814. document.writeln('<p>');
4815. document.writeln('</table>');
4816. if (typeof(requestStatus) != "undefined" && requestStatus == 'complete') {
4817. document.writeln('<table width=100%>');
4818. for (var i = 0; i < outputListSet.length; i++) {
4819. document.writeln('<tr valign=top>');
4820. document.writeln('<td>');
4821. document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
4822. );
4823. document.writeln('<li>');
4824. document.writeln(outputListSet[i].outputName);
4825. document.writeln('</FONT>');
4826. document.writeln('</td>');
4827. document.writeln('<tr valign=top>');
4828. document.writeln('</tr>');
4829. document.writeln('<td>');
4830. if (outputListSet[i].outputSyntax == 'string') {
4831. document.writeln(addEscapes(outputListSet[i].outputVal));
4832. } else if (outputListSet[i].outputSyntax == 'pretty_print') {
4833. document.writeln('<pre>');
4834. document.writeln(addEscapes(outputListSet[i].outputVal));
4835. document.writeln('</pre>');
4836. }
4837. document.writeln('</td>');
4838. document.writeln('</tr>');
4839. }
4840. document.writeln('</table>');
4841. }
4842. </script>
4843. </html>
4844.  
4845. Subject: CN=ipa.rdlg.net,O=RDLG.NET
4846. Issuer : CN=Certificate Authority,O=RDLG.NET
4847. bulk cipher AES-256, 256 secret key bits, 256 key bits, status: 1
4848.  
4849. 2017-05-11T02:30:24Z DEBUG stderr=POST /ca/agent/ca/profileProcess HTTP/1.0
4850. Host: ipa.rdlg.net:8443
4851. Content-Length: 738
4852. Content-Type: application/x-www-form-urlencoded
4853.  
4854. exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2017-05-10+20%3A30%3A23&keyUsageCritical=true&submit=submit&notAfter=2019-04-30+20%3A30%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approveport: 8443
4855. addr='ipa.rdlg.net'
4856. family='2'
4857. IP='172.20.0.200'
4858. Called mygetclientauthdata - nickname = ipa-ca-agent
4859. mygetclientauthdata - cert = fded80
4860. mygetclientauthdata - privkey = 1021440
4861. PR_Write wrote 878 bytes from bigBuf
4862. bytes: [POST /ca/agent/ca/profileProcess HTTP/1.0
4863. Host: ipa.rdlg.net:8443
4864. Content-Length: 738
4865. Content-Type: application/x-www-form-urlencoded
4866.  
4867. exKeyUsageCritical=false&keyUsageEncipherOnly=false&keyUsageNonRepudiation=true&keyUsageDataEncipherment=true&notBefore=2017-05-10+20%3A30%3A23&keyUsageCritical=true&submit=submit&notAfter=2019-04-30+20%3A30%3A23&requestId=7&signingAlg=SHA256withRSA&keyUsageDigitalSignature=true&authInfoAccessGeneralNames=Record+%230%0D%0AMethod%3A1.3.6.1.5.5.7.48.1%0D%0ALocation+Type%3AURIName%0D%0ALocation%3Ahttp%3A%2F%2Fipa-ca.rdlg.net%2Fca%2Focsp%0D%0AEnable%3Atrue%0D%0A%0D%0A&keyUsageKeyEncipherment=true&authInfoAccessCritical=false&name=CN%3DIPA+RA%2CO%3DRDLG.NET&requestNotes=&keyUsageCrlSign=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1%2C1.3.6.1.5.5.7.3.2&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageDecipherOnly=false&op=approve]
4868. do_writes shutting down send socket
4869. do_writes exiting with (result = 0)
4870. connection 1 read 9000 bytes (9000 total).
4871. these bytes read:
4872. connection 1 read 4329 bytes (13329 total).
4873. these bytes read:
4874. connection 1 read 13329 bytes total. -----------------------------
4875. Done with possible addresses - exiting.
4876.  
4877. 2017-05-11T02:30:24Z DEBUG Starting external process
4878. 2017-05-11T02:30:24Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -A -t u,u,u -n ipaCert -a -i /tmp/tmp3Ay3eB
4879. 2017-05-11T02:30:24Z DEBUG Process finished, return code=0
4880. 2017-05-11T02:30:24Z DEBUG stdout=
4881. 2017-05-11T02:30:24Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
4882.  
4883. 2017-05-11T02:30:24Z DEBUG Starting external process
4884. 2017-05-11T02:30:24Z DEBUG args=/usr/bin/pki -d /etc/httpd/alias -C /etc/httpd/alias/pwdfile.txt client-cert-show ipaCert --client-cert /etc/httpd/alias/tmpRb3Roa
4885. 2017-05-11T02:30:25Z DEBUG Process finished, return code=0
4886. 2017-05-11T02:30:25Z DEBUG stdout=
4887. 2017-05-11T02:30:25Z DEBUG stderr=
4888. 2017-05-11T02:30:25Z DEBUG duration: 1 seconds
4889. 2017-05-11T02:30:25Z DEBUG [17/31]: adding RA agent as a trusted user
4890. 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_85486928
4891. 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
4892. 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f95ab8>
4893. 2017-05-11T02:30:25Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Certificate Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember
4894. 2017-05-11T02:30:25Z DEBUG add_entry_to_group: dn=uid=ipara,ou=People,o=ipaca group_dn=cn=Registration Manager Agents,ou=groups,o=ipaca member_attr=uniqueMember
4895. 2017-05-11T02:30:25Z DEBUG Destroyed connection context.ldap2_85486928
4896. 2017-05-11T02:30:25Z DEBUG duration: 0 seconds
4897. 2017-05-11T02:30:25Z DEBUG [18/31]: authorizing RA to modify profiles
4898. 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_83903184
4899. 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
4900. 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x753e830>
4901. 2017-05-11T02:30:25Z DEBUG Destroyed connection context.ldap2_83903184
4902. 2017-05-11T02:30:25Z DEBUG duration: 0 seconds
4903. 2017-05-11T02:30:25Z DEBUG [19/31]: authorizing RA to manage lightweight CAs
4904. 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_83906512
4905. 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
4906. 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f95ab8>
4907. 2017-05-11T02:30:25Z DEBUG Destroyed connection context.ldap2_83906512
4908. 2017-05-11T02:30:25Z DEBUG duration: 0 seconds
4909. 2017-05-11T02:30:25Z DEBUG [20/31]: Ensure lightweight CAs container exists
4910. 2017-05-11T02:30:25Z DEBUG Created connection context.ldap2_83904592
4911. 2017-05-11T02:30:25Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
4912. 2017-05-11T02:30:25Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x753e830>
4913. 2017-05-11T02:30:26Z DEBUG Destroyed connection context.ldap2_83904592
4914. 2017-05-11T02:30:26Z DEBUG duration: 0 seconds
4915. 2017-05-11T02:30:26Z DEBUG [21/31]: configure certmonger for renewals
4916. 2017-05-11T02:30:26Z DEBUG Starting external process
4917. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl enable certmonger.service
4918. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
4919. 2017-05-11T02:30:26Z DEBUG stdout=
4920. 2017-05-11T02:30:26Z DEBUG stderr=Created symlink from /etc/systemd/system/multi-user.target.wants/certmonger.service to /usr/lib/systemd/system/certmonger.service.
4921.  
4922. 2017-05-11T02:30:26Z DEBUG Starting external process
4923. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl start messagebus.service
4924. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
4925. 2017-05-11T02:30:26Z DEBUG stdout=
4926. 2017-05-11T02:30:26Z DEBUG stderr=
4927. 2017-05-11T02:30:26Z DEBUG Starting external process
4928. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl is-active messagebus.service
4929. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
4930. 2017-05-11T02:30:26Z DEBUG stdout=active
4931.  
4932. 2017-05-11T02:30:26Z DEBUG stderr=
4933. 2017-05-11T02:30:26Z DEBUG Starting external process
4934. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl start certmonger.service
4935. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
4936. 2017-05-11T02:30:26Z DEBUG stdout=
4937. 2017-05-11T02:30:26Z DEBUG stderr=
4938. 2017-05-11T02:30:26Z DEBUG Starting external process
4939. 2017-05-11T02:30:26Z DEBUG args=/bin/systemctl is-active certmonger.service
4940. 2017-05-11T02:30:26Z DEBUG Process finished, return code=0
4941. 2017-05-11T02:30:26Z DEBUG stdout=active
4942.  
4943. 2017-05-11T02:30:26Z DEBUG stderr=
4944. 2017-05-11T02:30:26Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
4945. 2017-05-11T02:30:26Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
4946. 2017-05-11T02:30:27Z DEBUG duration: 1 seconds
4947. 2017-05-11T02:30:27Z DEBUG [22/31]: configure certificate renewals
4948. 2017-05-11T02:30:31Z DEBUG duration: 3 seconds
4949. 2017-05-11T02:30:31Z DEBUG [23/31]: configure RA certificate renewal
4950. 2017-05-11T02:30:32Z DEBUG duration: 1 seconds
4951. 2017-05-11T02:30:32Z DEBUG [24/31]: configure Server-Cert certificate renewal
4952. 2017-05-11T02:30:33Z DEBUG duration: 0 seconds
4953. 2017-05-11T02:30:33Z DEBUG [25/31]: Configure HTTP to proxy connections
4954. 2017-05-11T02:30:33Z DEBUG duration: 0 seconds
4955. 2017-05-11T02:30:33Z DEBUG [26/31]: restarting certificate server
4956. 2017-05-11T02:30:33Z DEBUG Starting external process
4957. 2017-05-11T02:30:33Z DEBUG args=/bin/systemctl restart pki-tomcatd@pki-tomcat.service
4958. 2017-05-11T02:30:42Z DEBUG Process finished, return code=0
4959. 2017-05-11T02:30:42Z DEBUG stdout=
4960. 2017-05-11T02:30:42Z DEBUG stderr=
4961. 2017-05-11T02:30:42Z DEBUG Starting external process
4962. 2017-05-11T02:30:42Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
4963. 2017-05-11T02:30:42Z DEBUG Process finished, return code=0
4964. 2017-05-11T02:30:42Z DEBUG stdout=active
4965.  
4966. 2017-05-11T02:30:42Z DEBUG stderr=
4967. 2017-05-11T02:30:42Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
4968. 2017-05-11T02:30:44Z DEBUG Waiting until the CA is running
4969. 2017-05-11T02:30:44Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
4970. 2017-05-11T02:30:44Z DEBUG request body ''
4971. 2017-05-11T02:30:52Z DEBUG response status 200
4972. 2017-05-11T02:30:52Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:52 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
4973. 2017-05-11T02:30:52Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
4974. 2017-05-11T02:30:52Z DEBUG The CA status is: running
4975. 2017-05-11T02:30:52Z DEBUG duration: 19 seconds
4976. 2017-05-11T02:30:52Z DEBUG [27/31]: migrating certificate profiles to LDAP
4977. 2017-05-11T02:30:52Z DEBUG Created connection context.ldap2_83903632
4978. 2017-05-11T02:30:52Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
4979. 2017-05-11T02:30:52Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7320128>
4980. 2017-05-11T02:30:53Z DEBUG Destroyed connection context.ldap2_83903632
4981. 2017-05-11T02:30:53Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
4982. 2017-05-11T02:30:53Z DEBUG request body ''
4983. 2017-05-11T02:30:53Z DEBUG NSSConnection init ipa.rdlg.net
4984. 2017-05-11T02:30:53Z DEBUG Connecting: 172.20.0.200:0
4985. 2017-05-11T02:30:53Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
4986. 2017-05-11T02:30:53Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
4987. 2017-05-11T02:30:53Z DEBUG handshake complete, peer = 172.20.0.200:8443
4988. 2017-05-11T02:30:53Z DEBUG Protocol: TLS1.2
4989. 2017-05-11T02:30:53Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
4990. 2017-05-11T02:30:54Z DEBUG response status 200
4991. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=46FD6DF21C28C850B2B6E8B4670D7622; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
4992. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
4993. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
4994. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates.\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUserCert\nclassId=caEnrollImpl\n'
4995. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
4996. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
4997. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
4998. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
4999. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5000. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5001. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5002. 2017-05-11T02:30:54Z DEBUG response status 409
5003. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5004. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5005. 2017-05-11T02:30:54Z DEBUG Error migrating 'caUserCert': Non-2xx response from CA REST API: 409. Profile already exists
5006. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUserCert?action=enable
5007. 2017-05-11T02:30:54Z DEBUG request body ''
5008. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5009. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5010. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5011. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5012. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5013. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5014. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5015. 2017-05-11T02:30:54Z DEBUG response status 500
5016. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
5017. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5018. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5019. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5020. 2017-05-11T02:30:54Z DEBUG request body ''
5021. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5022. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5023. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5024. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5025. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5026. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5027. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5028. 2017-05-11T02:30:54Z DEBUG response status 204
5029. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=DA0F105A63528E1D88C41CEAE42B6D84; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5030. 2017-05-11T02:30:54Z DEBUG response body ''
5031. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5032. 2017-05-11T02:30:54Z DEBUG request body ''
5033. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5034. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5035. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5036. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5037. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5038. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5039. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5040. 2017-05-11T02:30:54Z DEBUG response status 200
5041. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=040BFE94D36250CB8F0624A171B2E1D2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5042. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5043. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5044. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Dual-Use ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECUserCert\nclassId=caEnrollImpl\n'
5045. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5046. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5047. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5048. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5049. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5050. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5051. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5052. 2017-05-11T02:30:54Z DEBUG response status 409
5053. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5054. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5055. 2017-05-11T02:30:54Z DEBUG Error migrating 'caECUserCert': Non-2xx response from CA REST API: 409. Profile already exists
5056. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECUserCert?action=enable
5057. 2017-05-11T02:30:54Z DEBUG request body ''
5058. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5059. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5060. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5061. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5062. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5063. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5064. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5065. 2017-05-11T02:30:54Z DEBUG response status 500
5066. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
5067. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5068. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5069. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5070. 2017-05-11T02:30:54Z DEBUG request body ''
5071. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5072. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5073. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5074. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5075. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5076. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5077. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5078. 2017-05-11T02:30:54Z DEBUG response status 204
5079. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=9EA9BC3B10FF742555CDEAC8B774CE25; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5080. 2017-05-11T02:30:54Z DEBUG response body ''
5081. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5082. 2017-05-11T02:30:54Z DEBUG request body ''
5083. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5084. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5085. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5086. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5087. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5088. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5089. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5090. 2017-05-11T02:30:54Z DEBUG response status 200
5091. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7EB614EA21AE5E4AEB76579A135E0844; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5092. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5093. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5094. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with S/MIME capabilities extension - OID: 1.2.840.113549.1.9.15\nvisible=true\nenable=true\nenableBy=admin\nname=Manual User Dual-Use S/MIME capabilities Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9,11\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\npolicyset.userCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.11.constraint.name=No Constraint\npolicyset.userCertSet.11.default.class_id=genericExtDefaultImpl\npolicyset.userCertSet.11.default.name=Generic Extension\npolicyset.userCertSet.11.default.params.genericExtOID=1.2.840.113549.1.9.15\npolicyset.userCertSet.11.default.params.genericExtData=3067300B06092A864886F70D010105300B06092A864886F70D01010B300B06092A864886F70D01010C300B06092A864886F70D01010D300A06082A864886F70D0307300B0609608648016503040102300B060960864801650304012A300B06092A864886F70D010101\nprofileId=caUserSMIMEcapCert\nclassId=caEnrollImpl\n'
5095. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5096. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5097. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5098. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5099. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5100. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5101. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5102. 2017-05-11T02:30:54Z DEBUG response status 409
5103. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5104. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5105. 2017-05-11T02:30:54Z DEBUG Error migrating 'caUserSMIMEcapCert': Non-2xx response from CA REST API: 409. Profile already exists
5106. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUserSMIMEcapCert?action=enable
5107. 2017-05-11T02:30:54Z DEBUG request body ''
5108. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5109. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5110. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5111. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5112. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5113. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5114. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5115. 2017-05-11T02:30:54Z DEBUG response status 500
5116. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
5117. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5118. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5119. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5120. 2017-05-11T02:30:54Z DEBUG request body ''
5121. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5122. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5123. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5124. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5125. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5126. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5127. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5128. 2017-05-11T02:30:54Z DEBUG response status 204
5129. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=B9F26815F636D5A804F4AEDFFC622B8C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5130. 2017-05-11T02:30:54Z DEBUG response body ''
5131. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5132. 2017-05-11T02:30:54Z DEBUG request body ''
5133. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5134. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5135. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5136. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5137. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5138. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5139. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5140. 2017-05-11T02:30:54Z DEBUG response status 200
5141. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=34934FBB1F4F7B4160CD13C13C73F300; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5142. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5143. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5144. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\nprofileId=caDualCert\nclassId=caEnrollImpl\n'
5145. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5146. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5147. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5148. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5149. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5150. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5151. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5152. 2017-05-11T02:30:54Z DEBUG response status 409
5153. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5154. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5155. 2017-05-11T02:30:54Z DEBUG Error migrating 'caDualCert': Non-2xx response from CA REST API: 409. Profile already exists
5156. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDualCert?action=enable
5157. 2017-05-11T02:30:54Z DEBUG request body ''
5158. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5159. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5160. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5161. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5162. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5163. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5164. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5165. 2017-05-11T02:30:54Z DEBUG response status 500
5166. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6520', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
5167. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tsun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5168. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5169. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5170. 2017-05-11T02:30:54Z DEBUG request body ''
5171. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5172. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5173. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5174. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5175. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5176. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5177. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5178. 2017-05-11T02:30:54Z DEBUG response status 204
5179. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=C240B403C517A5BD8BF13EC248AF68FA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5180. 2017-05-11T02:30:54Z DEBUG response body ''
5181. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5182. 2017-05-11T02:30:54Z DEBUG request body ''
5183. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5184. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5185. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5186. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5187. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5188. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5189. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5190. 2017-05-11T02:30:54Z DEBUG response status 200
5191. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=144987A81FEC4CDC6BFD553798A5D971; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5192. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5193. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5194. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-authenticated User Signing & Encryption Certificates Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\nprofileId=caDirBasedDualCert\nclassId=caEnrollImpl\n'
5195. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5196. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5197. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5198. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5199. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5200. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5201. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5202. 2017-05-11T02:30:54Z DEBUG response status 409
5203. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5204. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5205. 2017-05-11T02:30:54Z DEBUG Error migrating 'caDirBasedDualCert': Non-2xx response from CA REST API: 409. Profile already exists
5206. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirBasedDualCert?action=enable
5207. 2017-05-11T02:30:54Z DEBUG request body ''
5208. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5209. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5210. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5211. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5212. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5213. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5214. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5215. 2017-05-11T02:30:54Z DEBUG response status 500
5216. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
5217. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5218. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5219. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5220. 2017-05-11T02:30:54Z DEBUG request body ''
5221. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5222. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5223. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5224. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5225. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5226. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5227. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5228. 2017-05-11T02:30:54Z DEBUG response status 204
5229. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=B55E3A8D30B594FD0D7FD1D1FAD7235B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5230. 2017-05-11T02:30:54Z DEBUG response body ''
5231. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5232. 2017-05-11T02:30:54Z DEBUG request body ''
5233. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5234. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5235. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5236. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5237. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5238. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5239. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5240. 2017-05-11T02:30:54Z DEBUG response status 200
5241. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4C186CD489792FFADC572F2BF715FADE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5242. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5243. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5244. 2017-05-11T02:30:54Z DEBUG request body 'desc=This certificate profile is for enrolling dual user ECC certificates. It works only with Netscape 7.0 or later.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing & Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=dualKeyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet,signingCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=UID=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.list=1,2,3,4,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=UID=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.signingCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\npolicyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\nprofileId=caECDualCert\nclassId=caEnrollImpl\n'
5245. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5246. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5247. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5248. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5249. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5250. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5251. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5252. 2017-05-11T02:30:54Z DEBUG response status 409
5253. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5254. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5255. 2017-05-11T02:30:54Z DEBUG Error migrating 'caECDualCert': Non-2xx response from CA REST API: 409. Profile already exists
5256. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECDualCert?action=enable
5257. 2017-05-11T02:30:54Z DEBUG request body ''
5258. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5259. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5260. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5261. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5262. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5263. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5264. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5265. 2017-05-11T02:30:54Z DEBUG response status 500
5266. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
5267. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5268. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5269. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5270. 2017-05-11T02:30:54Z DEBUG request body ''
5271. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5272. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5273. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5274. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5275. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5276. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5277. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5278. 2017-05-11T02:30:54Z DEBUG response status 204
5279. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=042FD11A1B84018026B0AD3A0F1694D4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5280. 2017-05-11T02:30:54Z DEBUG response body ''
5281. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5282. 2017-05-11T02:30:54Z DEBUG request body ''
5283. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5284. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5285. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5286. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5287. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5288. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5289. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5290. 2017-05-11T02:30:54Z DEBUG response status 200
5291. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E73BAA0CFF371050FE9628A41AC9D514; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5292. 2017-05-11T02:30:54Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5293. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5294. 2017-05-11T02:30:54Z DEBUG request body "desc=This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=\nname=Manual Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=-\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=AdminCert\nclassId=caEnrollImpl\n"
5295. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5296. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5297. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5298. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5299. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5300. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5301. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5302. 2017-05-11T02:30:54Z DEBUG response status 409
5303. 2017-05-11T02:30:54Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5304. 2017-05-11T02:30:54Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5305. 2017-05-11T02:30:54Z DEBUG Error migrating 'AdminCert': Non-2xx response from CA REST API: 409. Profile already exists
5306. 2017-05-11T02:30:54Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/AdminCert?action=enable
5307. 2017-05-11T02:30:54Z DEBUG request body ''
5308. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5309. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5310. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5311. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5312. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5313. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5314. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5315. 2017-05-11T02:30:54Z DEBUG response status 500
5316. 2017-05-11T02:30:54Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
5317. 2017-05-11T02:30:54Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5318. 2017-05-11T02:30:54Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5319. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5320. 2017-05-11T02:30:54Z DEBUG request body ''
5321. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5322. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5323. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5324. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5325. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5326. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5327. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5328. 2017-05-11T02:30:54Z DEBUG response status 204
5329. 2017-05-11T02:30:54Z DEBUG response headers {'set-cookie': 'JSESSIONID=24661E0665FCB5CF3110082DCEFDF294; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5330. 2017-05-11T02:30:54Z DEBUG response body ''
5331. 2017-05-11T02:30:54Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5332. 2017-05-11T02:30:54Z DEBUG request body ''
5333. 2017-05-11T02:30:54Z DEBUG NSSConnection init ipa.rdlg.net
5334. 2017-05-11T02:30:54Z DEBUG Connecting: 172.20.0.200:0
5335. 2017-05-11T02:30:54Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5336. 2017-05-11T02:30:54Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5337. 2017-05-11T02:30:54Z DEBUG handshake complete, peer = 172.20.0.200:8443
5338. 2017-05-11T02:30:54Z DEBUG Protocol: TLS1.2
5339. 2017-05-11T02:30:54Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5340. 2017-05-11T02:30:55Z DEBUG response status 200
5341. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=DC3BE0380E26C75661E3DB3EBF78D0A2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/xml'}
5342. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5343. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5344. 2017-05-11T02:30:55Z DEBUG request body 'desc=This profile is for enrolling audit log signing certificates\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Log Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caLogSigningSet\npolicyset.caLogSigningSet.list=1,2,3,4,6,8,9\npolicyset.caLogSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caLogSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caLogSigningSet.1.constraint.params.pattern=CN=.*\npolicyset.caLogSigningSet.1.constraint.params.accept=true\npolicyset.caLogSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caLogSigningSet.1.default.name=Subject Name Default\npolicyset.caLogSigningSet.1.default.params.name=\npolicyset.caLogSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caLogSigningSet.2.constraint.name=Validity Constraint\npolicyset.caLogSigningSet.2.constraint.params.range=720\npolicyset.caLogSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caLogSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caLogSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caLogSigningSet.2.default.name=Validity Default\npolicyset.caLogSigningSet.2.default.params.range=720\npolicyset.caLogSigningSet.2.default.params.startTime=0\npolicyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caLogSigningSet.3.constraint.name=Key Constraint\npolicyset.caLogSigningSet.3.constraint.params.keyType=RSA\npolicyset.caLogSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caLogSigningSet.3.default.name=Key Default\npolicyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.4.constraint.name=No Constraint\npolicyset.caLogSigningSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.4.default.name=Authority Key Identifier Default\npolicyset.caLogSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caLogSigningSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caLogSigningSet.6.default.name=Key Usage Default\npolicyset.caLogSigningSet.6.default.params.keyUsageCritical=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caLogSigningSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caLogSigningSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caLogSigningSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageCrlSign=false\npolicyset.caLogSigningSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caLogSigningSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caLogSigningSet.8.constraint.class_id=noConstraintImpl\npolicyset.caLogSigningSet.8.constraint.name=No Constraint\npolicyset.caLogSigningSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caLogSigningSet.8.default.params.critical=false\npolicyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caLogSigningSet.9.constraint.name=No Constraint\npolicyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caLogSigningSet.9.default.name=Signing Alg\npolicyset.caLogSigningSet.9.default.params.signingAlg=-\nprofileId=caSignedLogCert\nclassId=caEnrollImpl\n'
5345. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5346. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5347. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5348. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5349. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5350. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5351. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5352. 2017-05-11T02:30:55Z DEBUG response status 409
5353. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5354. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5355. 2017-05-11T02:30:55Z DEBUG Error migrating 'caSignedLogCert': Non-2xx response from CA REST API: 409. Profile already exists
5356. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSignedLogCert?action=enable
5357. 2017-05-11T02:30:55Z DEBUG request body ''
5358. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5359. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5360. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5361. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5362. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5363. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5364. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5365. 2017-05-11T02:30:55Z DEBUG response status 500
5366. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:54 GMT', 'content-type': 'text/html;charset=utf-8'}
5367. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5368. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5369. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5370. 2017-05-11T02:30:55Z DEBUG request body ''
5371. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5372. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5373. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5374. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5375. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5376. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5377. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5378. 2017-05-11T02:30:55Z DEBUG response status 204
5379. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=7AA05A9DDDEE34BEED4232409651B965; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5380. 2017-05-11T02:30:55Z DEBUG response body ''
5381. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5382. 2017-05-11T02:30:55Z DEBUG request body ''
5383. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5384. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5385. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5386. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5387. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5388. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5389. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5390. 2017-05-11T02:30:55Z DEBUG response status 200
5391. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1BC28DC8994A6112F7C33650F4650F46; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5392. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5393. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5394. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling TPS server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual TPS Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caTPSCert\nclassId=caEnrollImpl\n'
5395. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5396. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5397. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5398. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5399. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5400. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5401. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5402. 2017-05-11T02:30:55Z DEBUG response status 409
5403. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5404. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5405. 2017-05-11T02:30:55Z DEBUG Error migrating 'caTPSCert': Non-2xx response from CA REST API: 409. Profile already exists
5406. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTPSCert?action=enable
5407. 2017-05-11T02:30:55Z DEBUG request body ''
5408. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5409. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5410. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5411. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5412. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5413. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5414. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5415. 2017-05-11T02:30:55Z DEBUG response status 500
5416. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
5417. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5418. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5419. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5420. 2017-05-11T02:30:55Z DEBUG request body ''
5421. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5422. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5423. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5424. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5425. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5426. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5427. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5428. 2017-05-11T02:30:55Z DEBUG response status 204
5429. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=47DC5F2C6D258E45E557ACC83A990060; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5430. 2017-05-11T02:30:55Z DEBUG response body ''
5431. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5432. 2017-05-11T02:30:55Z DEBUG request body ''
5433. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5434. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5435. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5436. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5437. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5438. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5439. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5440. 2017-05-11T02:30:55Z DEBUG response status 200
5441. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=370AC3D36623B4095E5F3D852FE29078; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5442. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5443. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5444. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRARouterCert\nclassId=caEnrollImpl\n'
5445. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5446. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5447. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5448. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5449. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5450. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5451. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5452. 2017-05-11T02:30:55Z DEBUG response status 409
5453. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5454. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5455. 2017-05-11T02:30:55Z DEBUG Error migrating 'caRARouterCert': Non-2xx response from CA REST API: 409. Profile already exists
5456. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRARouterCert?action=enable
5457. 2017-05-11T02:30:55Z DEBUG request body ''
5458. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5459. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5460. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5461. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5462. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5463. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5464. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5465. 2017-05-11T02:30:55Z DEBUG response status 500
5466. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
5467. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5468. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5469. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5470. 2017-05-11T02:30:55Z DEBUG request body ''
5471. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5472. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5473. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5474. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5475. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5476. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5477. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5478. 2017-05-11T02:30:55Z DEBUG response status 204
5479. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=24D6FAB637F1C197A16D514BE733B51A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5480. 2017-05-11T02:30:55Z DEBUG response body ''
5481. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5482. 2017-05-11T02:30:55Z DEBUG request body ''
5483. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5484. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5485. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5486. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5487. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5488. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5489. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5490. 2017-05-11T02:30:55Z DEBUG response status 200
5491. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=AE7CD0068442866E31AB80D24CD5EBC0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5492. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5493. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5494. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling router certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=flatFileAuth\nname=One Time Pin Router Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRouterCert\nclassId=caEnrollImpl\n'
5495. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5496. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5497. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5498. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5499. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5500. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5501. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5502. 2017-05-11T02:30:55Z DEBUG response status 409
5503. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5504. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5505. 2017-05-11T02:30:55Z DEBUG Error migrating 'caRouterCert': Non-2xx response from CA REST API: 409. Profile already exists
5506. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRouterCert?action=enable
5507. 2017-05-11T02:30:55Z DEBUG request body ''
5508. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5509. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5510. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5511. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5512. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5513. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5514. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5515. 2017-05-11T02:30:55Z DEBUG response status 500
5516. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
5517. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5518. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5519. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5520. 2017-05-11T02:30:55Z DEBUG request body ''
5521. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5522. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5523. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5524. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5525. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5526. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5527. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5528. 2017-05-11T02:30:55Z DEBUG response status 204
5529. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=9D065B162B15A99C4196A4D93EE205BE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5530. 2017-05-11T02:30:55Z DEBUG response body ''
5531. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5532. 2017-05-11T02:30:55Z DEBUG request body ''
5533. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5534. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5535. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5536. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5537. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5538. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5539. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5540. 2017-05-11T02:30:55Z DEBUG response status 200
5541. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CAC3858C06215F9E52C22A6F80AFCFBD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5542. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5543. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5544. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=.*CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caServerCert\nclassId=caEnrollImpl\n'
5545. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5546. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5547. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5548. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5549. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5550. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5551. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5552. 2017-05-11T02:30:55Z DEBUG response status 409
5553. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5554. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5555. 2017-05-11T02:30:55Z DEBUG Error migrating 'caServerCert': Non-2xx response from CA REST API: 409. Profile already exists
5556. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caServerCert?action=enable
5557. 2017-05-11T02:30:55Z DEBUG request body ''
5558. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5559. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5560. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5561. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5562. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5563. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5564. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5565. 2017-05-11T02:30:55Z DEBUG response status 500
5566. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
5567. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5568. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5569. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5570. 2017-05-11T02:30:55Z DEBUG request body ''
5571. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5572. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5573. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5574. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5575. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5576. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5577. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5578. 2017-05-11T02:30:55Z DEBUG response status 204
5579. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=EEC3A5E4616CDC92E4CA0159ECF394F8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5580. 2017-05-11T02:30:55Z DEBUG response body ''
5581. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5582. 2017-05-11T02:30:55Z DEBUG request body ''
5583. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5584. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5585. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5586. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5587. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5588. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5589. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5590. 2017-05-11T02:30:55Z DEBUG response status 200
5591. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=B6CB304E7FB2D4DB05AE61E08901A598; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5592. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5593. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5594. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling subsystem certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caSubsystemCert\nclassId=caEnrollImpl\n'
5595. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5596. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5597. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5598. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5599. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5600. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5601. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5602. 2017-05-11T02:30:55Z DEBUG response status 409
5603. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5604. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5605. 2017-05-11T02:30:55Z DEBUG Error migrating 'caSubsystemCert': Non-2xx response from CA REST API: 409. Profile already exists
5606. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSubsystemCert?action=enable
5607. 2017-05-11T02:30:55Z DEBUG request body ''
5608. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5609. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5610. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5611. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5612. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5613. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5614. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5615. 2017-05-11T02:30:55Z DEBUG response status 500
5616. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
5617. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5618. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5619. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5620. 2017-05-11T02:30:55Z DEBUG request body ''
5621. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5622. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5623. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5624. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5625. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5626. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5627. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5628. 2017-05-11T02:30:55Z DEBUG response status 204
5629. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=586BD0C8C2163E855718416104F3461E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5630. 2017-05-11T02:30:55Z DEBUG response body ''
5631. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5632. 2017-05-11T02:30:55Z DEBUG request body ''
5633. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5634. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5635. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5636. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5637. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5638. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5639. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5640. 2017-05-11T02:30:55Z DEBUG response status 200
5641. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F0694B09D01938C76727D5E7974DDCE8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5642. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5643. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5644. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling other certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Other Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=otherCertSet\npolicyset.otherCertSet.list=1,2,3,4,5,6,7,8\npolicyset.otherCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.otherCertSet.1.constraint.name=Subject Name Constraint\npolicyset.otherCertSet.1.constraint.params.pattern=CN=.*\npolicyset.otherCertSet.1.constraint.params.accept=true\npolicyset.otherCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.otherCertSet.1.default.name=Subject Name Default\npolicyset.otherCertSet.1.default.params.name=\npolicyset.otherCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.otherCertSet.2.constraint.name=Validity Constraint\npolicyset.otherCertSet.2.constraint.params.range=720\npolicyset.otherCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.otherCertSet.2.constraint.params.notAfterCheck=false\npolicyset.otherCertSet.2.default.class_id=validityDefaultImpl\npolicyset.otherCertSet.2.default.name=Validity Default\npolicyset.otherCertSet.2.default.params.range=720\npolicyset.otherCertSet.2.default.params.startTime=0\npolicyset.otherCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.otherCertSet.3.constraint.name=Key Constraint\npolicyset.otherCertSet.3.constraint.params.keyType=-\npolicyset.otherCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.otherCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.otherCertSet.3.default.name=Key Default\npolicyset.otherCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.4.constraint.name=No Constraint\npolicyset.otherCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.otherCertSet.4.default.name=Authority Key Identifier Default\npolicyset.otherCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.5.constraint.name=No Constraint\npolicyset.otherCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.otherCertSet.5.default.name=AIA Extension Default\npolicyset.otherCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.otherCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.otherCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.otherCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.otherCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.otherCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.otherCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.otherCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.otherCertSet.6.default.name=Key Usage Default\npolicyset.otherCertSet.6.default.params.keyUsageCritical=true\npolicyset.otherCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.otherCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.otherCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.otherCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.otherCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.otherCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.otherCertSet.7.constraint.name=No Constraint\npolicyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.otherCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.otherCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.otherCertSet.8.constraint.name=No Constraint\npolicyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.otherCertSet.8.default.name=Signing Alg\npolicyset.otherCertSet.8.default.params.signingAlg=-\nprofileId=caOtherCert\nclassId=caEnrollImpl\n'
5645. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5646. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5647. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5648. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5649. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5650. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5651. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5652. 2017-05-11T02:30:55Z DEBUG response status 409
5653. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5654. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5655. 2017-05-11T02:30:55Z DEBUG Error migrating 'caOtherCert': Non-2xx response from CA REST API: 409. Profile already exists
5656. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caOtherCert?action=enable
5657. 2017-05-11T02:30:55Z DEBUG request body ''
5658. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5659. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5660. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5661. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5662. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5663. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5664. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5665. 2017-05-11T02:30:55Z DEBUG response status 500
5666. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
5667. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5668. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5669. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5670. 2017-05-11T02:30:55Z DEBUG request body ''
5671. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5672. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5673. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5674. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5675. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5676. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5677. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5678. 2017-05-11T02:30:55Z DEBUG response status 204
5679. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=0E81CE66AB933454F40F6C29DBF786F3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5680. 2017-05-11T02:30:55Z DEBUG response body ''
5681. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5682. 2017-05-11T02:30:55Z DEBUG request body ''
5683. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5684. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5685. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5686. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5687. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5688. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5689. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5690. 2017-05-11T02:30:55Z DEBUG response status 200
5691. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=33A345D9395D85A8BD078E5D4921AB6C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5692. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5693. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5694. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCACert\nclassId=caEnrollImpl\n'
5695. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5696. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5697. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5698. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5699. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5700. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5701. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5702. 2017-05-11T02:30:55Z DEBUG response status 409
5703. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5704. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5705. 2017-05-11T02:30:55Z DEBUG Error migrating 'caCACert': Non-2xx response from CA REST API: 409. Profile already exists
5706. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCACert?action=enable
5707. 2017-05-11T02:30:55Z DEBUG request body ''
5708. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5709. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5710. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5711. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5712. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5713. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5714. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5715. 2017-05-11T02:30:55Z DEBUG response status 500
5716. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
5717. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5718. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5719. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5720. 2017-05-11T02:30:55Z DEBUG request body ''
5721. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5722. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5723. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5724. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5725. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5726. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5727. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5728. 2017-05-11T02:30:55Z DEBUG response status 204
5729. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=1666AF99F4350CA2DD03468414D81851; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5730. 2017-05-11T02:30:55Z DEBUG response body ''
5731. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5732. 2017-05-11T02:30:55Z DEBUG request body ''
5733. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5734. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5735. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5736. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5737. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5738. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5739. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5740. 2017-05-11T02:30:55Z DEBUG response status 200
5741. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E320477F05778C3BE006B51328794EBA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5742. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5743. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5744. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Cross Signed Certificate Authority certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Cross Signed Certificate Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=userSubjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=User Subject Name Constraint\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=User Supplied Subject Name Default\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=7305\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=caValidityDefaultImpl\npolicyset.caCertSet.2.default.name=CA Certificate Validity Default\npolicyset.caCertSet.2.default.params.range=7305\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caCrossSignedCACert\nclassId=caEnrollImpl\n'
5745. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5746. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5747. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5748. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5749. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5750. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5751. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5752. 2017-05-11T02:30:55Z DEBUG response status 409
5753. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5754. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5755. 2017-05-11T02:30:55Z DEBUG Error migrating 'caCrossSignedCACert': Non-2xx response from CA REST API: 409. Profile already exists
5756. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCrossSignedCACert?action=enable
5757. 2017-05-11T02:30:55Z DEBUG request body ''
5758. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5759. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5760. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5761. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5762. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5763. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5764. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5765. 2017-05-11T02:30:55Z DEBUG response status 204
5766. 2017-05-11T02:30:55Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
5767. 2017-05-11T02:30:55Z DEBUG response body ''
5768. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5769. 2017-05-11T02:30:55Z DEBUG request body ''
5770. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5771. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5772. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5773. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5774. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5775. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5776. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5777. 2017-05-11T02:30:55Z DEBUG response status 204
5778. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=DD7BBED93F65808288D14EAE012C29B4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5779. 2017-05-11T02:30:55Z DEBUG response body ''
5780. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5781. 2017-05-11T02:30:55Z DEBUG request body ''
5782. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5783. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5784. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5785. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5786. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5787. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5788. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5789. 2017-05-11T02:30:55Z DEBUG response status 200
5790. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=573DDC30D27B038CEA56F1A8F63528E5; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5791. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5792. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5793. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Certificate Authority certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Manual Security Domain Certificate Authority Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caCertSet\npolicyset.caCertSet.list=1,2,3,4,5,6,8,9,10\npolicyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caCertSet.1.constraint.name=Subject Name Constraint\npolicyset.caCertSet.1.constraint.params.pattern=CN=.*\npolicyset.caCertSet.1.constraint.params.accept=true\npolicyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caCertSet.1.default.name=Subject Name Default\npolicyset.caCertSet.1.default.params.name=\npolicyset.caCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caCertSet.2.constraint.name=Validity Constraint\npolicyset.caCertSet.2.constraint.params.range=720\npolicyset.caCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.caCertSet.2.constraint.params.notAfterCheck=false\npolicyset.caCertSet.2.default.class_id=validityDefaultImpl\npolicyset.caCertSet.2.default.name=Validity Default\npolicyset.caCertSet.2.default.params.range=720\npolicyset.caCertSet.2.default.params.startTime=0\npolicyset.caCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caCertSet.3.constraint.name=Key Constraint\npolicyset.caCertSet.3.constraint.params.keyType=-\npolicyset.caCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.caCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caCertSet.3.default.name=Key Default\npolicyset.caCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.4.constraint.name=No Constraint\npolicyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.4.default.name=Authority Key Identifier Default\npolicyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint\npolicyset.caCertSet.5.constraint.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.caCertSet.5.default.name=Basic Constraints Extension Default\npolicyset.caCertSet.5.default.params.basicConstraintsCritical=true\npolicyset.caCertSet.5.default.params.basicConstraintsIsCA=true\npolicyset.caCertSet.5.default.params.basicConstraintsPathLen=-1\npolicyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.caCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.caCertSet.6.default.name=Key Usage Default\npolicyset.caCertSet.6.default.params.keyUsageCritical=true\npolicyset.caCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.caCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.caCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.caCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.caCertSet.6.default.params.keyUsageKeyCertSign=true\npolicyset.caCertSet.6.default.params.keyUsageCrlSign=true\npolicyset.caCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.caCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.caCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.8.constraint.name=No Constraint\npolicyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.caCertSet.8.default.name=Subject Key Identifier Extension Default\npolicyset.caCertSet.8.default.params.critical=false\npolicyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.caCertSet.9.constraint.name=No Constraint\npolicyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.caCertSet.9.default.name=Signing Alg\npolicyset.caCertSet.9.default.params.signingAlg=-\npolicyset.caCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.caCertSet.10.constraint.name=No Constraint\npolicyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.caCertSet.10.default.name=AIA Extension Default\npolicyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true\npolicyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.caCertSet.10.default.params.authInfoAccessADLocation_0=\npolicyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.caCertSet.10.default.params.authInfoAccessCritical=false\npolicyset.caCertSet.10.default.params.authInfoAccessNumADs=1\nprofileId=caInstallCACert\nclassId=caEnrollImpl\n'
5794. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5795. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5796. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5797. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5798. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5799. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5800. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5801. 2017-05-11T02:30:55Z DEBUG response status 409
5802. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5803. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5804. 2017-05-11T02:30:55Z DEBUG Error migrating 'caInstallCACert': Non-2xx response from CA REST API: 409. Profile already exists
5805. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInstallCACert?action=enable
5806. 2017-05-11T02:30:55Z DEBUG request body ''
5807. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5808. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5809. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5810. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5811. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5812. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5813. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5814. 2017-05-11T02:30:55Z DEBUG response status 500
5815. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
5816. 2017-05-11T02:30:55Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5817. 2017-05-11T02:30:55Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5818. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5819. 2017-05-11T02:30:55Z DEBUG request body ''
5820. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5821. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5822. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5823. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5824. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5825. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5826. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5827. 2017-05-11T02:30:55Z DEBUG response status 204
5828. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=5640EAFE196F40FAAAABCC8A1D7131BE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5829. 2017-05-11T02:30:55Z DEBUG response body ''
5830. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5831. 2017-05-11T02:30:55Z DEBUG request body ''
5832. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5833. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5834. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5835. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5836. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5837. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5838. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5839. 2017-05-11T02:30:55Z DEBUG response status 200
5840. 2017-05-11T02:30:55Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CAA28333764DC76F421A2ACEDFC20DA9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5841. 2017-05-11T02:30:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5842. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5843. 2017-05-11T02:30:55Z DEBUG request body 'desc=This certificate profile is for enrolling Registration Manager certificates.\nvisible=false\nenable=false\nenableBy=admin\nauth.class_id=\nname=Manual Registration Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=raCertSet\npolicyset.raCertSet.list=1,2,3,4,5,6,7,8\npolicyset.raCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.raCertSet.1.constraint.name=Subject Name Constraint\npolicyset.raCertSet.1.constraint.params.pattern=CN=.*\npolicyset.raCertSet.1.constraint.params.accept=true\npolicyset.raCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.raCertSet.1.default.name=Subject Name Default\npolicyset.raCertSet.1.default.params.name=\npolicyset.raCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.raCertSet.2.constraint.name=Validity Constraint\npolicyset.raCertSet.2.constraint.params.range=720\npolicyset.raCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.raCertSet.2.constraint.params.notAfterCheck=false\npolicyset.raCertSet.2.default.class_id=validityDefaultImpl\npolicyset.raCertSet.2.default.name=Validity Default\npolicyset.raCertSet.2.default.params.range=720\npolicyset.raCertSet.2.default.params.startTime=0\npolicyset.raCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.raCertSet.3.constraint.name=Key Constraint\npolicyset.raCertSet.3.constraint.params.keyType=RSA\npolicyset.raCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.raCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.raCertSet.3.default.name=Key Default\npolicyset.raCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.4.constraint.name=No Constraint\npolicyset.raCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.raCertSet.4.default.name=Authority Key Identifier Default\npolicyset.raCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.5.constraint.name=No Constraint\npolicyset.raCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.raCertSet.5.default.name=AIA Extension Default\npolicyset.raCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.raCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.raCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.raCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.raCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.raCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.raCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.raCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.raCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.raCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.raCertSet.6.default.name=Key Usage Default\npolicyset.raCertSet.6.default.params.keyUsageCritical=true\npolicyset.raCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.raCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.raCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.raCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.raCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.raCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.raCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.raCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.raCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.raCertSet.7.constraint.name=No Constraint\npolicyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.raCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.raCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.raCertSet.8.constraint.name=No Constraint\npolicyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.raCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.raCertSet.8.default.name=Signing Alg\npolicyset.raCertSet.8.default.params.signingAlg=-\nprofileId=caRACert\nclassId=caEnrollImpl\n'
5844. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5845. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5846. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5847. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5848. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5849. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5850. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5851. 2017-05-11T02:30:55Z DEBUG response status 409
5852. 2017-05-11T02:30:55Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5853. 2017-05-11T02:30:55Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5854. 2017-05-11T02:30:55Z DEBUG Error migrating 'caRACert': Non-2xx response from CA REST API: 409. Profile already exists
5855. 2017-05-11T02:30:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRACert?action=enable
5856. 2017-05-11T02:30:55Z DEBUG request body ''
5857. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5858. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5859. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5860. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5861. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5862. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5863. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5864. 2017-05-11T02:30:55Z DEBUG response status 204
5865. 2017-05-11T02:30:55Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
5866. 2017-05-11T02:30:55Z DEBUG response body ''
5867. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5868. 2017-05-11T02:30:55Z DEBUG request body ''
5869. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5870. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5871. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5872. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5873. 2017-05-11T02:30:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
5874. 2017-05-11T02:30:55Z DEBUG Protocol: TLS1.2
5875. 2017-05-11T02:30:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5876. 2017-05-11T02:30:55Z DEBUG response status 204
5877. 2017-05-11T02:30:55Z DEBUG response headers {'set-cookie': 'JSESSIONID=8CBE95B91C98750C369C6F217F13AA64; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5878. 2017-05-11T02:30:55Z DEBUG response body ''
5879. 2017-05-11T02:30:55Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5880. 2017-05-11T02:30:55Z DEBUG request body ''
5881. 2017-05-11T02:30:55Z DEBUG NSSConnection init ipa.rdlg.net
5882. 2017-05-11T02:30:55Z DEBUG Connecting: 172.20.0.200:0
5883. 2017-05-11T02:30:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5884. 2017-05-11T02:30:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5885. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5886. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5887. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5888. 2017-05-11T02:30:56Z DEBUG response status 200
5889. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D7C389F46EEB67CA4497D074344327B8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5890. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5891. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5892. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling OCSP Manager certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caOCSPCert\nclassId=caEnrollImpl\n'
5893. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
5894. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
5895. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5896. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5897. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5898. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5899. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5900. 2017-05-11T02:30:56Z DEBUG response status 409
5901. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5902. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5903. 2017-05-11T02:30:56Z DEBUG Error migrating 'caOCSPCert': Non-2xx response from CA REST API: 409. Profile already exists
5904. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caOCSPCert?action=enable
5905. 2017-05-11T02:30:56Z DEBUG request body ''
5906. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
5907. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
5908. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5909. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5910. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5911. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5912. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5913. 2017-05-11T02:30:56Z DEBUG response status 500
5914. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'text/html;charset=utf-8'}
5915. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5916. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5917. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5918. 2017-05-11T02:30:56Z DEBUG request body ''
5919. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
5920. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
5921. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5922. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5923. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5924. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5925. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5926. 2017-05-11T02:30:56Z DEBUG response status 204
5927. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=72E69BB693CD23FB84BECE71C02B6382; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5928. 2017-05-11T02:30:56Z DEBUG response body ''
5929. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5930. 2017-05-11T02:30:56Z DEBUG request body ''
5931. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
5932. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
5933. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5934. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5935. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5936. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5937. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5938. 2017-05-11T02:30:56Z DEBUG response status 200
5939. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=D5901AF0D3D8D8A65CFD291FA19FA384; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:55 GMT', 'content-type': 'application/xml'}
5940. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5941. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5942. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager storage certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class.id=\nname=Manual Data Recovery Manager Storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=RSA\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caStorageCert\nclassId=caEnrollImpl\n'
5943. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
5944. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
5945. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5946. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5947. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5948. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5949. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5950. 2017-05-11T02:30:56Z DEBUG response status 409
5951. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
5952. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
5953. 2017-05-11T02:30:56Z DEBUG Error migrating 'caStorageCert': Non-2xx response from CA REST API: 409. Profile already exists
5954. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caStorageCert?action=enable
5955. 2017-05-11T02:30:56Z DEBUG request body ''
5956. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
5957. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
5958. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5959. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5960. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5961. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5962. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5963. 2017-05-11T02:30:56Z DEBUG response status 500
5964. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
5965. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
5966. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
5967. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
5968. 2017-05-11T02:30:56Z DEBUG request body ''
5969. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
5970. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
5971. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5972. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5973. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5974. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5975. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5976. 2017-05-11T02:30:56Z DEBUG response status 204
5977. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=0D8919ACD16EFBB3D22B4ADA9C090F08; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
5978. 2017-05-11T02:30:56Z DEBUG response body ''
5979. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
5980. 2017-05-11T02:30:56Z DEBUG request body ''
5981. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
5982. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
5983. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5984. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5985. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5986. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5987. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
5988. 2017-05-11T02:30:56Z DEBUG response status 200
5989. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=77F2BEF46C29548CA1D77AA08065CFEB; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
5990. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
5991. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
5992. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling Data Recovery Manager transport certificates.\nvisible=true\nenable=true\nenableBy=admin\nauth.class_id=\nname=Manual Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=RSA\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caTransportCert\nclassId=caEnrollImpl\n'
5993. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
5994. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
5995. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
5996. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
5997. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
5998. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
5999. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6000. 2017-05-11T02:30:56Z DEBUG response status 409
6001. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6002. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6003. 2017-05-11T02:30:56Z DEBUG Error migrating 'caTransportCert': Non-2xx response from CA REST API: 409. Profile already exists
6004. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTransportCert?action=enable
6005. 2017-05-11T02:30:56Z DEBUG request body ''
6006. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6007. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6008. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6009. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6010. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6011. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6012. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6013. 2017-05-11T02:30:56Z DEBUG response status 500
6014. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6015. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6016. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6017. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6018. 2017-05-11T02:30:56Z DEBUG request body ''
6019. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6020. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6021. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6022. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6023. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6024. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6025. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6026. 2017-05-11T02:30:56Z DEBUG response status 204
6027. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=66F10A2A23194FAC231BEBAD398333DA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6028. 2017-05-11T02:30:56Z DEBUG response body ''
6029. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6030. 2017-05-11T02:30:56Z DEBUG request body ''
6031. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6032. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6033. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6034. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6035. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6036. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6037. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6038. 2017-05-11T02:30:56Z DEBUG response status 200
6039. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=3E4222E03E7F02E961745F462130DBE2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6040. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6041. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6042. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-pin-based authentication.\nvisible=true\nenable=false\nenableBy=admin\nname=Directory-Pin-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=PinDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirPinUserCert\nclassId=caEnrollImpl\n'
6043. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6044. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6045. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6046. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6047. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6048. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6049. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6050. 2017-05-11T02:30:56Z DEBUG response status 409
6051. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6052. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6053. 2017-05-11T02:30:56Z DEBUG Error migrating 'caDirPinUserCert': Non-2xx response from CA REST API: 409. Profile already exists
6054. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirPinUserCert?action=enable
6055. 2017-05-11T02:30:56Z DEBUG request body ''
6056. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6057. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6058. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6059. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6060. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6061. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6062. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6063. 2017-05-11T02:30:56Z DEBUG response status 204
6064. 2017-05-11T02:30:56Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
6065. 2017-05-11T02:30:56Z DEBUG response body ''
6066. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6067. 2017-05-11T02:30:56Z DEBUG request body ''
6068. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6069. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6070. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6071. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6072. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6073. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6074. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6075. 2017-05-11T02:30:56Z DEBUG response status 204
6076. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=B4630202ADFB2EAE8B190C30A8C2821C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6077. 2017-05-11T02:30:56Z DEBUG response body ''
6078. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6079. 2017-05-11T02:30:56Z DEBUG request body ''
6080. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6081. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6082. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6083. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6084. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6085. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6086. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6087. 2017-05-11T02:30:56Z DEBUG response status 200
6088. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9C7A84C18AED26B441E0606D19183CD0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6089. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6090. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6091. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDirUserCert\nclassId=caEnrollImpl\n'
6092. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6093. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6094. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6095. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6096. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6097. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6098. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6099. 2017-05-11T02:30:56Z DEBUG response status 409
6100. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6101. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6102. 2017-05-11T02:30:56Z DEBUG Error migrating 'caDirUserCert': Non-2xx response from CA REST API: 409. Profile already exists
6103. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirUserCert?action=enable
6104. 2017-05-11T02:30:56Z DEBUG request body ''
6105. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6106. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6107. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6108. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6109. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6110. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6111. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6112. 2017-05-11T02:30:56Z DEBUG response status 500
6113. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6114. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6115. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6116. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6117. 2017-05-11T02:30:56Z DEBUG request body ''
6118. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6119. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6120. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6121. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6122. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6123. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6124. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6125. 2017-05-11T02:30:56Z DEBUG response status 204
6126. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=4DB58D7422000FDE7247C1E996EA7012; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6127. 2017-05-11T02:30:56Z DEBUG response body ''
6128. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6129. 2017-05-11T02:30:56Z DEBUG request body ''
6130. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6131. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6132. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6133. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6134. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6135. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6136. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6137. 2017-05-11T02:30:56Z DEBUG response status 200
6138. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4D57DCACCF60FC91EE60E14043EC7B40; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6139. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6140. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6141. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with directory-based authentication.\nvisible=true\nenable=true\nenableBy=admin\nname=Directory-Authenticated User Dual-Use ECC Certificate Enrollment\nauth.instance_id=UserDirEnrollment\ninput.list=i1\ninput.i1.class_id=keyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=(UID|CN)=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint\npolicyset.userCertSet.10.constraint.params.renewal.graceBefore=30\npolicyset.userCertSet.10.constraint.params.renewal.graceAfter=30\npolicyset.userCertSet.10.default.class_id=noDefaultImpl\npolicyset.userCertSet.10.default.name=No Default\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=EC\npolicyset.userCertSet.3.constraint.params.keyParameters=nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caECDirUserCert\nclassId=caEnrollImpl\n'
6142. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6143. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6144. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6145. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6146. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6147. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6148. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6149. 2017-05-11T02:30:56Z DEBUG response status 409
6150. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6151. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6152. 2017-05-11T02:30:56Z DEBUG Error migrating 'caECDirUserCert': Non-2xx response from CA REST API: 409. Profile already exists
6153. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caECDirUserCert?action=enable
6154. 2017-05-11T02:30:56Z DEBUG request body ''
6155. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6156. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6157. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6158. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6159. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6160. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6161. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6162. 2017-05-11T02:30:56Z DEBUG response status 500
6163. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6164. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6165. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6166. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6167. 2017-05-11T02:30:56Z DEBUG request body ''
6168. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6169. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6170. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6171. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6172. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6173. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6174. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6175. 2017-05-11T02:30:56Z DEBUG response status 204
6176. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=1ECE2A33B9192764F86287850C43055B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6177. 2017-05-11T02:30:56Z DEBUG response body ''
6178. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6179. 2017-05-11T02:30:56Z DEBUG request body ''
6180. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6181. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6182. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6183. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6184. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6185. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6186. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6187. 2017-05-11T02:30:56Z DEBUG response status 200
6188. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=2B561B9132160098054494DC99D15A3C; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6189. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6190. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6191. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentServerCert\nclassId=caEnrollImpl\n'
6192. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6193. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6194. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6195. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6196. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6197. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6198. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6199. 2017-05-11T02:30:56Z DEBUG response status 409
6200. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6201. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6202. 2017-05-11T02:30:56Z DEBUG Error migrating 'caAgentServerCert': Non-2xx response from CA REST API: 409. Profile already exists
6203. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAgentServerCert?action=enable
6204. 2017-05-11T02:30:56Z DEBUG request body ''
6205. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6206. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6207. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6208. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6209. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6210. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6211. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6212. 2017-05-11T02:30:56Z DEBUG response status 500
6213. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6214. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6215. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6216. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6217. 2017-05-11T02:30:56Z DEBUG request body ''
6218. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6219. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6220. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6221. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6222. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6223. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6224. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6225. 2017-05-11T02:30:56Z DEBUG response status 204
6226. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=CE3DF2DEA7CF52AB69EBD7F162AC27FD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6227. 2017-05-11T02:30:56Z DEBUG response body ''
6228. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6229. 2017-05-11T02:30:56Z DEBUG request body ''
6230. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6231. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6232. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6233. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6234. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6235. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6236. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6237. 2017-05-11T02:30:56Z DEBUG response status 200
6238. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9CD681DA6A0FCFCC1F8DB4094ECFA9B9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6239. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6240. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6241. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for getting file signing certificate with agent authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=AgentCertAuth\nname=Agent-Authenticated File Signing\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=fileSigningInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=pkcs7OutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name$(Text)$request.file_signing_text$(Size)$request.file_signing_size$(DigestType)$request.file_signing_digest_type$(Digest)$request.file_signing_digest$\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.3\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caAgentFileSigning\nclassId=caEnrollImpl\n'
6242. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6243. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6244. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6245. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6246. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6247. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6248. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6249. 2017-05-11T02:30:56Z DEBUG response status 409
6250. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6251. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6252. 2017-05-11T02:30:56Z DEBUG Error migrating 'caAgentFileSigning': Non-2xx response from CA REST API: 409. Profile already exists
6253. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAgentFileSigning?action=enable
6254. 2017-05-11T02:30:56Z DEBUG request body ''
6255. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6256. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6257. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6258. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6259. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6260. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6261. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6262. 2017-05-11T02:30:56Z DEBUG response status 500
6263. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6264. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6265. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6266. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6267. 2017-05-11T02:30:56Z DEBUG request body ''
6268. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6269. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6270. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6271. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6272. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6273. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6274. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6275. 2017-05-11T02:30:56Z DEBUG response status 204
6276. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=2D7D3FE8C58A3A3549F2193A93AD081D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6277. 2017-05-11T02:30:56Z DEBUG response body ''
6278. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6279. 2017-05-11T02:30:56Z DEBUG request body ''
6280. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6281. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6282. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6283. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6284. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6285. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6286. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6287. 2017-05-11T02:30:56Z DEBUG response status 200
6288. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=AF482EB5E6832413CCCFECBE97A2AD9D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6289. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6290. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6291. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nvisible=true\nenable=true\nenableBy=admin\nauth.instance_id=CMCAuth\nauthz.acl=group="Certificate Manager Agents"\nname=Signed CMC-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caCMCUserCert\nclassId=caEnrollImpl\n'
6292. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6293. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6294. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6295. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6296. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6297. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6298. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6299. 2017-05-11T02:30:56Z DEBUG response status 409
6300. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6301. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6302. 2017-05-11T02:30:56Z DEBUG Error migrating 'caCMCUserCert': Non-2xx response from CA REST API: 409. Profile already exists
6303. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caCMCUserCert?action=enable
6304. 2017-05-11T02:30:56Z DEBUG request body ''
6305. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6306. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6307. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6308. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6309. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6310. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6311. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6312. 2017-05-11T02:30:56Z DEBUG response status 500
6313. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6314. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6315. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6316. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6317. 2017-05-11T02:30:56Z DEBUG request body ''
6318. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6319. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6320. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6321. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6322. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6323. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6324. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6325. 2017-05-11T02:30:56Z DEBUG response status 204
6326. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=3B88E13CD74865938C20B0E3E9A76830; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6327. 2017-05-11T02:30:56Z DEBUG response body ''
6328. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6329. 2017-05-11T02:30:56Z DEBUG request body ''
6330. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6331. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6332. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6333. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6334. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6335. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6336. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6337. 2017-05-11T02:30:56Z DEBUG response status 200
6338. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1C8104F02E73AD311EDA8A0A8105D796; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6339. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6340. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6341. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Signed CMC-Authenticated User Certificate Enrollment\nvisible=false\nauth.instance_id=CMCAuth\ninput.list=i1,i2\ninput.i1.class_id=cmcCertReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caFullCMCUserCert\nclassId=caEnrollImpl\n'
6342. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6343. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6344. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6345. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6346. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6347. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6348. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6349. 2017-05-11T02:30:56Z DEBUG response status 409
6350. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6351. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6352. 2017-05-11T02:30:56Z DEBUG Error migrating 'caFullCMCUserCert': Non-2xx response from CA REST API: 409. Profile already exists
6353. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caFullCMCUserCert?action=enable
6354. 2017-05-11T02:30:56Z DEBUG request body ''
6355. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6356. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6357. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6358. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6359. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6360. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6361. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6362. 2017-05-11T02:30:56Z DEBUG response status 500
6363. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6364. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6365. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6366. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6367. 2017-05-11T02:30:56Z DEBUG request body ''
6368. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6369. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6370. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6371. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6372. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6373. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6374. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6375. 2017-05-11T02:30:56Z DEBUG response status 204
6376. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=6FD84914A9C240372D4C712BBCB7612B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6377. 2017-05-11T02:30:56Z DEBUG response body ''
6378. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6379. 2017-05-11T02:30:56Z DEBUG request body ''
6380. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6381. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6382. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6383. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6384. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6385. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6386. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6387. 2017-05-11T02:30:56Z DEBUG response status 200
6388. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=CF7E6E4E53FB8AFEF7983D37C3F1B9B6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6389. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6390. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6391. 2017-05-11T02:30:56Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.\nenable=true\nenableBy=admin\nname=Simple CMC Enrollment Request for User Certificate\nvisible=false\nauth.instance_id=\ninput.list=i1\ninput.i1.class_id=certReqInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=cmcUserCertSet\npolicyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8\npolicyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint\npolicyset.cmcUserCertSet.1.constraint.params.accept=true\npolicyset.cmcUserCertSet.1.constraint.params.pattern=.*\npolicyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.cmcUserCertSet.1.default.name=Subject Name Default\npolicyset.cmcUserCertSet.1.default.params.name=\npolicyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.cmcUserCertSet.2.constraint.name=Validity Constraint\npolicyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.cmcUserCertSet.2.constraint.params.range=365\npolicyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl\npolicyset.cmcUserCertSet.2.default.name=Validity Default\npolicyset.cmcUserCertSet.2.default.params.range=180\npolicyset.cmcUserCertSet.2.default.params.startTime=0\npolicyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.cmcUserCertSet.3.constraint.name=Key Constraint\npolicyset.cmcUserCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp521\npolicyset.cmcUserCertSet.3.constraint.params.keyType=-\npolicyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.cmcUserCertSet.3.default.name=Key Default\npolicyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.4.constraint.name=No Constraint\npolicyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default\npolicyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.5.constraint.name=No Constraint\npolicyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.cmcUserCertSet.5.default.name=AIA Extension Default\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.6.default.name=Key Usage Default\npolicyset.cmcUserCertSet.6.default.params.keyUsageCritical=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.cmcUserCertSet.7.constraint.name=No Constraint\npolicyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.cmcUserCertSet.8.constraint.name=No Constraint\npolicyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.cmcUserCertSet.8.default.name=Signing Alg\npolicyset.cmcUserCertSet.8.default.params.signingAlg=-\nprofileId=caSimpleCMCUserCert\nclassId=caEnrollImpl\n'
6392. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6393. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6394. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6395. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6396. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6397. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6398. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6399. 2017-05-11T02:30:56Z DEBUG response status 409
6400. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6401. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6402. 2017-05-11T02:30:56Z DEBUG Error migrating 'caSimpleCMCUserCert': Non-2xx response from CA REST API: 409. Profile already exists
6403. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSimpleCMCUserCert?action=enable
6404. 2017-05-11T02:30:56Z DEBUG request body ''
6405. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6406. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6407. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6408. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6409. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6410. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6411. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6412. 2017-05-11T02:30:56Z DEBUG response status 500
6413. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6414. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6415. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6416. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6417. 2017-05-11T02:30:56Z DEBUG request body ''
6418. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6419. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6420. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6421. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6422. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6423. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6424. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6425. 2017-05-11T02:30:56Z DEBUG response status 204
6426. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=2BE472BB444277B32F8D6EA35B4A2C66; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6427. 2017-05-11T02:30:56Z DEBUG response body ''
6428. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6429. 2017-05-11T02:30:56Z DEBUG request body ''
6430. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6431. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6432. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6433. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6434. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6435. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6436. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6437. 2017-05-11T02:30:56Z DEBUG response status 200
6438. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=FDC5F023E7559B3381BC375561A7F3A8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6439. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6440. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6441. 2017-05-11T02:30:56Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Token Device Key Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
6442. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6443. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6444. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6445. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6446. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6447. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6448. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6449. 2017-05-11T02:30:56Z DEBUG response status 409
6450. 2017-05-11T02:30:56Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6451. 2017-05-11T02:30:56Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6452. 2017-05-11T02:30:56Z DEBUG Error migrating 'caTokenDeviceKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
6453. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenDeviceKeyEnrollment?action=enable
6454. 2017-05-11T02:30:56Z DEBUG request body ''
6455. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6456. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6457. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6458. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6459. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6460. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6461. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6462. 2017-05-11T02:30:56Z DEBUG response status 500
6463. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6464. 2017-05-11T02:30:56Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6465. 2017-05-11T02:30:56Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6466. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6467. 2017-05-11T02:30:56Z DEBUG request body ''
6468. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6469. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6470. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6471. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6472. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6473. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6474. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6475. 2017-05-11T02:30:56Z DEBUG response status 204
6476. 2017-05-11T02:30:56Z DEBUG response headers {'set-cookie': 'JSESSIONID=9B06D2FCFA60AECF08D6ABC2CEF78018; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6477. 2017-05-11T02:30:56Z DEBUG response body ''
6478. 2017-05-11T02:30:56Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6479. 2017-05-11T02:30:56Z DEBUG request body ''
6480. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6481. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6482. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6483. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6484. 2017-05-11T02:30:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
6485. 2017-05-11T02:30:56Z DEBUG Protocol: TLS1.2
6486. 2017-05-11T02:30:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6487. 2017-05-11T02:30:56Z DEBUG response status 200
6488. 2017-05-11T02:30:56Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9437F8FA146FEF5CFD475641827E2AE6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6489. 2017-05-11T02:30:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6490. 2017-05-11T02:30:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6491. 2017-05-11T02:30:56Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
6492. 2017-05-11T02:30:56Z DEBUG NSSConnection init ipa.rdlg.net
6493. 2017-05-11T02:30:56Z DEBUG Connecting: 172.20.0.200:0
6494. 2017-05-11T02:30:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6495. 2017-05-11T02:30:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6496. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6497. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6498. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6499. 2017-05-11T02:30:57Z DEBUG response status 409
6500. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6501. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6502. 2017-05-11T02:30:57Z DEBUG Error migrating 'caTokenUserEncryptionKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
6503. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserEncryptionKeyEnrollment?action=enable
6504. 2017-05-11T02:30:57Z DEBUG request body ''
6505. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6506. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6507. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6508. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6509. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6510. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6511. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6512. 2017-05-11T02:30:57Z DEBUG response status 500
6513. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6514. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6515. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6516. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6517. 2017-05-11T02:30:57Z DEBUG request body ''
6518. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6519. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6520. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6521. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6522. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6523. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6524. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6525. 2017-05-11T02:30:57Z DEBUG response status 204
6526. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=DFE9079E7F5FD62A94071476230CA852; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6527. 2017-05-11T02:30:57Z DEBUG response body ''
6528. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6529. 2017-05-11T02:30:57Z DEBUG request body ''
6530. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6531. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6532. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6533. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6534. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6535. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6536. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6537. 2017-05-11T02:30:57Z DEBUG response status 200
6538. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F98D279C285CD70D28E715CD7399B8F8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/xml'}
6539. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6540. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6541. 2017-05-11T02:30:57Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
6542. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6543. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6544. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6545. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6546. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6547. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6548. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6549. 2017-05-11T02:30:57Z DEBUG response status 409
6550. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6551. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6552. 2017-05-11T02:30:57Z DEBUG Error migrating 'caTokenUserSigningKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
6553. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserSigningKeyEnrollment?action=enable
6554. 2017-05-11T02:30:57Z DEBUG request body ''
6555. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6556. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6557. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6558. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6559. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6560. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6561. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6562. 2017-05-11T02:30:57Z DEBUG response status 500
6563. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:56 GMT', 'content-type': 'text/html;charset=utf-8'}
6564. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6565. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6566. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6567. 2017-05-11T02:30:57Z DEBUG request body ''
6568. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6569. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6570. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6571. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6572. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6573. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6574. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6575. 2017-05-11T02:30:57Z DEBUG response status 204
6576. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=3DC19B40923D5438BAF4727C52684832; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6577. 2017-05-11T02:30:57Z DEBUG response body ''
6578. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6579. 2017-05-11T02:30:57Z DEBUG request body ''
6580. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6581. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6582. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6583. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6584. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6585. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6586. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6587. 2017-05-11T02:30:57Z DEBUG response status 200
6588. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=883F6A8FAC216E5F9248B0E2C2E242DE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6589. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6590. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6591. 2017-05-11T02:30:57Z DEBUG request body 'desc=This profile is for enrolling token device keys\nenable=true\nenableBy=admin\nlastModified=1068835451090\nname=Temporary Device Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsHKeyCertReqInputImpl\ninput.i1.name=nsHKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6\npolicyset.set1.list=p2,p4,p5,p1,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p3.constraint.class_id=noConstraintImpl\npolicyset.set1.p3.constraint.name=No Constraint\npolicyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p3.default.params.crlDistPointsCritical=false\npolicyset.set1.p3.default.params.crlDistPointsNum=1\npolicyset.set1.p3.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p3.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p3.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p3.default.params.crlDistPointsPointName_0=\npolicyset.set1.p3.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p3.default.params.crlDistPointsReasons_0=\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\nprofileId=caTempTokenDeviceKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
6592. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6593. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6594. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6595. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6596. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6597. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6598. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6599. 2017-05-11T02:30:57Z DEBUG response status 409
6600. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6601. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6602. 2017-05-11T02:30:57Z DEBUG Error migrating 'caTempTokenDeviceKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
6603. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTempTokenDeviceKeyEnrollment?action=enable
6604. 2017-05-11T02:30:57Z DEBUG request body ''
6605. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6606. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6607. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6608. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6609. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6610. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6611. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6612. 2017-05-11T02:30:57Z DEBUG response status 500
6613. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
6614. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6615. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6616. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6617. 2017-05-11T02:30:57Z DEBUG request body ''
6618. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6619. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6620. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6621. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6622. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6623. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6624. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6625. 2017-05-11T02:30:57Z DEBUG response status 204
6626. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=C8AF81894DBD5B3F48B5EC13FC05C23F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6627. 2017-05-11T02:30:57Z DEBUG response body ''
6628. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6629. 2017-05-11T02:30:57Z DEBUG request body ''
6630. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6631. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6632. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6633. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6634. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6635. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6636. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6637. 2017-05-11T02:30:57Z DEBUG response status 200
6638. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=E2A5AFDAD0966FDAB7896AAB4B1C72F4; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6639. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6640. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6641. 2017-05-11T02:30:57Z DEBUG request body 'desc=This profile is for enrolling Token Encryption key\nenable=true\nenableBy=admin\nname=Temporary Token User Encryption Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=false\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserEncryptionKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
6642. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6643. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6644. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6645. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6646. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6647. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6648. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6649. 2017-05-11T02:30:57Z DEBUG response status 409
6650. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6651. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6652. 2017-05-11T02:30:57Z DEBUG Error migrating 'caTempTokenUserEncryptionKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
6653. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTempTokenUserEncryptionKeyEnrollment?action=enable
6654. 2017-05-11T02:30:57Z DEBUG request body ''
6655. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6656. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6657. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6658. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6659. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6660. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6661. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6662. 2017-05-11T02:30:57Z DEBUG response status 500
6663. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
6664. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6665. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6666. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6667. 2017-05-11T02:30:57Z DEBUG request body ''
6668. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6669. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6670. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6671. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6672. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6673. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6674. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6675. 2017-05-11T02:30:57Z DEBUG response status 204
6676. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=D449ADF4D5669ABDAC708B467929C066; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6677. 2017-05-11T02:30:57Z DEBUG response body ''
6678. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6679. 2017-05-11T02:30:57Z DEBUG request body ''
6680. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6681. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6682. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6683. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6684. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6685. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6686. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6687. 2017-05-11T02:30:57Z DEBUG response status 200
6688. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=5D2ACF73880B53880AA3ED5AEF87086B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6689. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6690. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6691. 2017-05-11T02:30:57Z DEBUG request body 'desc=This profile is for enrolling Token Signing key\nenable=true\nenableBy=admin\nname=Temporary Token User Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\n#uncomment below to support SMIME\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=7\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTempTokenUserSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
6692. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6693. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6694. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6695. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6696. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6697. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6698. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6699. 2017-05-11T02:30:57Z DEBUG response status 409
6700. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6701. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6702. 2017-05-11T02:30:57Z DEBUG Error migrating 'caTempTokenUserSigningKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
6703. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTempTokenUserSigningKeyEnrollment?action=enable
6704. 2017-05-11T02:30:57Z DEBUG request body ''
6705. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6706. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6707. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6708. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6709. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6710. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6711. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6712. 2017-05-11T02:30:57Z DEBUG response status 500
6713. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
6714. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6715. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6716. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6717. 2017-05-11T02:30:57Z DEBUG request body ''
6718. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6719. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6720. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6721. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6722. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6723. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6724. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6725. 2017-05-11T02:30:57Z DEBUG response status 204
6726. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=4E4F1A376ABCA848816DECD8DDA946E3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6727. 2017-05-11T02:30:57Z DEBUG response body ''
6728. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6729. 2017-05-11T02:30:57Z DEBUG request body ''
6730. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6731. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6732. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6733. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6734. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6735. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6736. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6737. 2017-05-11T02:30:57Z DEBUG response status 200
6738. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=70EB3239CE3341AB55AA6216A1C27A14; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6739. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6740. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6741. 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain administrator\'s certificates with LDAP authentication against the internal LDAP database.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Administrator Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=adminCertSet\npolicyset.adminCertSet.list=1,2,3,4,5,6,7,8\npolicyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.adminCertSet.1.constraint.name=Subject Name Constraint\npolicyset.adminCertSet.1.constraint.params.pattern=.*\npolicyset.adminCertSet.1.constraint.params.accept=true\npolicyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.adminCertSet.1.default.name=Subject Name Default\npolicyset.adminCertSet.1.default.params.name=\npolicyset.adminCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.adminCertSet.2.constraint.name=Validity Constraint\npolicyset.adminCertSet.2.constraint.params.range=365\npolicyset.adminCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.adminCertSet.2.constraint.params.notAfterCheck=false\npolicyset.adminCertSet.2.default.class_id=validityDefaultImpl\npolicyset.adminCertSet.2.default.name=Validity Default\npolicyset.adminCertSet.2.default.params.range=365\npolicyset.adminCertSet.2.default.params.startTime=0\npolicyset.adminCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.adminCertSet.3.constraint.name=Key Constraint\npolicyset.adminCertSet.3.constraint.params.keyType=-\npolicyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.adminCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.adminCertSet.3.default.name=Key Default\npolicyset.adminCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.4.constraint.name=No Constraint\npolicyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.adminCertSet.4.default.name=Authority Key Identifier Default\npolicyset.adminCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.5.constraint.name=No Constraint\npolicyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.adminCertSet.5.default.name=AIA Extension Default\npolicyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.adminCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.adminCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.adminCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.adminCertSet.6.default.name=Key Usage Default\npolicyset.adminCertSet.6.default.params.keyUsageCritical=true\npolicyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.adminCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.adminCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.adminCertSet.7.constraint.name=No Constraint\npolicyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.adminCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.adminCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.adminCertSet.8.constraint.name=No Constraint\npolicyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.adminCertSet.8.default.name=Signing Alg\npolicyset.adminCertSet.8.default.params.signingAlg=-\nprofileId=caAdminCert\nclassId=caEnrollImpl\n'
6742. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6743. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6744. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6745. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6746. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6747. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6748. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6749. 2017-05-11T02:30:57Z DEBUG response status 409
6750. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6751. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6752. 2017-05-11T02:30:57Z DEBUG Error migrating 'caAdminCert': Non-2xx response from CA REST API: 409. Profile already exists
6753. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caAdminCert?action=enable
6754. 2017-05-11T02:30:57Z DEBUG request body ''
6755. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6756. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6757. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6758. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6759. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6760. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6761. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6762. 2017-05-11T02:30:57Z DEBUG response status 500
6763. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
6764. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6765. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6766. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6767. 2017-05-11T02:30:57Z DEBUG request body ''
6768. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6769. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6770. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6771. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6772. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6773. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6774. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6775. 2017-05-11T02:30:57Z DEBUG response status 204
6776. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=DC86AE42F7996F325C549F8A880EFC7D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6777. 2017-05-11T02:30:57Z DEBUG response body ''
6778. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6779. 2017-05-11T02:30:57Z DEBUG request body ''
6780. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6781. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6782. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6783. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6784. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6785. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6786. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6787. 2017-05-11T02:30:57Z DEBUG response status 200
6788. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=B1F6A17F89680118863AE4B614ECC6D3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6789. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6790. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6791. 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain server certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\n# allows SAN to be specified from client side\n# need to:\n# 1. add i3 to input.list above\n# 2. add 9 to policyset.serverCertSet.list above\n# 3. change below to reflect the number of general names, and\n# turn each corresponding subjAltExtPattern_<num> to true\n# policyset.serverCertSet.9.default.params.subjAltNameNumGNs\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.serverCertSet.9.default.name=Subject Alternative Name Extension Default\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_0=true\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.serverCertSet.9.default.params.subjAltExtType_0=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_1=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$\npolicyset.serverCertSet.9.default.params.subjAltExtType_1=DNSName\npolicyset.serverCertSet.9.default.params.subjAltExtGNEnable_2=false\npolicyset.serverCertSet.9.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$\npolicyset.serverCertSet.9.default.params.subjAltExtType_2=DNSName\npolicyset.serverCertSet.9.default.params.subjAltNameExtCritical=false\npolicyset.serverCertSet.9.default.params.subjAltNameNumGNs=1\nprofileId=caInternalAuthServerCert\nclassId=caEnrollImpl\n'
6792. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6793. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6794. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6795. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6796. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6797. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6798. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6799. 2017-05-11T02:30:57Z DEBUG response status 409
6800. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6801. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6802. 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthServerCert': Non-2xx response from CA REST API: 409. Profile already exists
6803. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthServerCert?action=enable
6804. 2017-05-11T02:30:57Z DEBUG request body ''
6805. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6806. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6807. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6808. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6809. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6810. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6811. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6812. 2017-05-11T02:30:57Z DEBUG response status 500
6813. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
6814. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6815. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6816. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6817. 2017-05-11T02:30:57Z DEBUG request body ''
6818. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6819. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6820. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6821. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6822. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6823. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6824. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6825. 2017-05-11T02:30:57Z DEBUG response status 204
6826. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=61DBF58D7CDCFEADF13A3702717B4394; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6827. 2017-05-11T02:30:57Z DEBUG response body ''
6828. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6829. 2017-05-11T02:30:57Z DEBUG request body ''
6830. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6831. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6832. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6833. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6834. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6835. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6836. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6837. 2017-05-11T02:30:57Z DEBUG response status 200
6838. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=C6818A844D8CFB9998CAD332D8D12174; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6839. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6840. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6841. 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Data Recovery Manager Transport Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=transportCertSet\npolicyset.transportCertSet.list=1,2,3,4,5,6,7,8\npolicyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.transportCertSet.1.constraint.name=Subject Name Constraint\npolicyset.transportCertSet.1.constraint.params.pattern=CN=.*\npolicyset.transportCertSet.1.constraint.params.accept=true\npolicyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.transportCertSet.1.default.name=Subject Name Default\npolicyset.transportCertSet.1.default.params.name=\npolicyset.transportCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.transportCertSet.2.constraint.name=Validity Constraint\npolicyset.transportCertSet.2.constraint.params.range=720\npolicyset.transportCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.transportCertSet.2.constraint.params.notAfterCheck=false\npolicyset.transportCertSet.2.default.class_id=validityDefaultImpl\npolicyset.transportCertSet.2.default.name=Validity Default\npolicyset.transportCertSet.2.default.params.range=720\npolicyset.transportCertSet.2.default.params.startTime=0\npolicyset.transportCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.transportCertSet.3.constraint.name=Key Constraint\npolicyset.transportCertSet.3.constraint.params.keyType=-\npolicyset.transportCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.transportCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.transportCertSet.3.default.name=Key Default\npolicyset.transportCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.4.constraint.name=No Constraint\npolicyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.transportCertSet.4.default.name=Authority Key Identifier Default\npolicyset.transportCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.5.constraint.name=No Constraint\npolicyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.transportCertSet.5.default.name=AIA Extension Default\npolicyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.transportCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.transportCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.transportCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.transportCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.transportCertSet.6.default.name=Key Usage Default\npolicyset.transportCertSet.6.default.params.keyUsageCritical=true\npolicyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.transportCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.transportCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.transportCertSet.7.constraint.name=No Constraint\npolicyset.transportCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.transportCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.transportCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.transportCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.transportCertSet.8.constraint.name=No Constraint\npolicyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.transportCertSet.8.default.name=Signing Alg\npolicyset.transportCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthTransportCert\nclassId=caEnrollImpl\n'
6842. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6843. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6844. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6845. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6846. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6847. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6848. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6849. 2017-05-11T02:30:57Z DEBUG response status 409
6850. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6851. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6852. 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthTransportCert': Non-2xx response from CA REST API: 409. Profile already exists
6853. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthTransportCert?action=enable
6854. 2017-05-11T02:30:57Z DEBUG request body ''
6855. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6856. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6857. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6858. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6859. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6860. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6861. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6862. 2017-05-11T02:30:57Z DEBUG response status 500
6863. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
6864. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6865. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6866. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6867. 2017-05-11T02:30:57Z DEBUG request body ''
6868. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6869. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6870. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6871. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6872. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6873. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6874. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6875. 2017-05-11T02:30:57Z DEBUG response status 204
6876. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=4DA27EEE6330057DD3713E9376672FD9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6877. 2017-05-11T02:30:57Z DEBUG response body ''
6878. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6879. 2017-05-11T02:30:57Z DEBUG request body ''
6880. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6881. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6882. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6883. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6884. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6885. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6886. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6887. 2017-05-11T02:30:57Z DEBUG response status 200
6888. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4BC1E6A8C91A070E772016ED416D5016; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6889. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6890. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6891. 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain DRM storage certificates\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain DRM storage Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=drmStorageCertSet\npolicyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9\npolicyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint\npolicyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*\npolicyset.drmStorageCertSet.1.constraint.params.accept=true\npolicyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.drmStorageCertSet.1.default.name=Subject Name Default\npolicyset.drmStorageCertSet.1.default.params.name=\npolicyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.drmStorageCertSet.2.constraint.name=Validity Constraint\npolicyset.drmStorageCertSet.2.constraint.params.range=720\npolicyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false\npolicyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl\npolicyset.drmStorageCertSet.2.default.name=Validity Default\npolicyset.drmStorageCertSet.2.default.params.range=720\npolicyset.drmStorageCertSet.2.default.params.startTime=0\npolicyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.drmStorageCertSet.3.constraint.name=Key Constraint\npolicyset.drmStorageCertSet.3.constraint.params.keyType=-\npolicyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.drmStorageCertSet.3.default.name=Key Default\npolicyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.4.constraint.name=No Constraint\npolicyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default\npolicyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.5.constraint.name=No Constraint\npolicyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.drmStorageCertSet.5.default.name=AIA Extension Default\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.6.default.name=Key Usage Default\npolicyset.drmStorageCertSet.6.default.params.keyUsageCritical=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.drmStorageCertSet.7.constraint.name=No Constraint\npolicyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.drmStorageCertSet.9.constraint.name=No Constraint\npolicyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.drmStorageCertSet.9.default.name=Signing Alg\npolicyset.drmStorageCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthDRMstorageCert\nclassId=caEnrollImpl\n'
6892. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6893. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6894. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6895. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6896. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6897. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6898. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6899. 2017-05-11T02:30:57Z DEBUG response status 409
6900. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6901. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6902. 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthDRMstorageCert': Non-2xx response from CA REST API: 409. Profile already exists
6903. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthDRMstorageCert?action=enable
6904. 2017-05-11T02:30:57Z DEBUG request body ''
6905. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6906. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6907. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6908. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6909. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6910. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6911. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6912. 2017-05-11T02:30:57Z DEBUG response status 500
6913. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
6914. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6915. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6916. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6917. 2017-05-11T02:30:57Z DEBUG request body ''
6918. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6919. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6920. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6921. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6922. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6923. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6924. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6925. 2017-05-11T02:30:57Z DEBUG response status 204
6926. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=AB136A40B274663299A1CB9D25977FFA; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6927. 2017-05-11T02:30:57Z DEBUG response body ''
6928. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6929. 2017-05-11T02:30:57Z DEBUG request body ''
6930. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6931. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6932. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6933. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6934. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6935. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6936. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6937. 2017-05-11T02:30:57Z DEBUG response status 200
6938. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=68D933C7C8EDB1C07C15243E7E408CE0; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6939. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6940. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6941. 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain subsystem certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain Subsystem Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nupdater.list=u1\nupdater.u1.class_id=subsystemGroupUpdaterImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=720\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=720\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=-\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caInternalAuthSubsystemCert\nclassId=caEnrollImpl\n'
6942. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6943. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6944. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6945. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6946. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6947. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6948. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6949. 2017-05-11T02:30:57Z DEBUG response status 409
6950. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
6951. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
6952. 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthSubsystemCert': Non-2xx response from CA REST API: 409. Profile already exists
6953. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthSubsystemCert?action=enable
6954. 2017-05-11T02:30:57Z DEBUG request body ''
6955. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6956. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6957. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6958. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6959. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6960. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6961. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6962. 2017-05-11T02:30:57Z DEBUG response status 500
6963. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
6964. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
6965. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
6966. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
6967. 2017-05-11T02:30:57Z DEBUG request body ''
6968. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6969. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6970. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6971. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6972. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6973. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6974. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6975. 2017-05-11T02:30:57Z DEBUG response status 204
6976. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=CF15E6D47184538AF19B6D586ACD1893; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6977. 2017-05-11T02:30:57Z DEBUG response body ''
6978. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
6979. 2017-05-11T02:30:57Z DEBUG request body ''
6980. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6981. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6982. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6983. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6984. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6985. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6986. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6987. 2017-05-11T02:30:57Z DEBUG response status 200
6988. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=6CF87AF0A1C18DF0372050476C72C77D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
6989. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
6990. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
6991. 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling Security Domain OCSP Manager certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Security Domain OCSP Manager Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=ocspCertSet\npolicyset.ocspCertSet.list=1,2,3,4,5,6,8,9\npolicyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.ocspCertSet.1.constraint.name=Subject Name Constraint\npolicyset.ocspCertSet.1.constraint.params.pattern=CN=.*\npolicyset.ocspCertSet.1.constraint.params.accept=true\npolicyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.ocspCertSet.1.default.name=Subject Name Default\npolicyset.ocspCertSet.1.default.params.name=\npolicyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.ocspCertSet.2.constraint.name=Validity Constraint\npolicyset.ocspCertSet.2.constraint.params.range=720\npolicyset.ocspCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.ocspCertSet.2.constraint.params.notAfterCheck=false\npolicyset.ocspCertSet.2.default.class_id=validityDefaultImpl\npolicyset.ocspCertSet.2.default.name=Validity Default\npolicyset.ocspCertSet.2.default.params.range=720\npolicyset.ocspCertSet.2.default.params.startTime=0\npolicyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.ocspCertSet.3.constraint.name=Key Constraint\npolicyset.ocspCertSet.3.constraint.params.keyType=-\npolicyset.ocspCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.ocspCertSet.3.default.name=Key Default\npolicyset.ocspCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.4.constraint.name=No Constraint\npolicyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.ocspCertSet.4.default.name=Authority Key Identifier Default\npolicyset.ocspCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.ocspCertSet.5.constraint.name=No Constraint\npolicyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.ocspCertSet.5.default.name=AIA Extension Default\npolicyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.ocspCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl\npolicyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.ocspCertSet.6.default.name=Extended Key Usage Default\npolicyset.ocspCertSet.6.default.params.exKeyUsageCritical=false\npolicyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9\npolicyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl\npolicyset.ocspCertSet.8.constraint.name=No Constraint\npolicyset.ocspCertSet.8.constraint.params.extCritical=false\npolicyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5\npolicyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl\npolicyset.ocspCertSet.8.default.name=OCSP No Check Extension\npolicyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false\npolicyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.ocspCertSet.9.constraint.name=No Constraint\npolicyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.ocspCertSet.9.default.name=Signing Alg\npolicyset.ocspCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthOCSPCert\nclassId=caEnrollImpl\n'
6992. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
6993. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
6994. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
6995. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
6996. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
6997. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
6998. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
6999. 2017-05-11T02:30:57Z DEBUG response status 409
7000. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7001. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7002. 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthOCSPCert': Non-2xx response from CA REST API: 409. Profile already exists
7003. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthOCSPCert?action=enable
7004. 2017-05-11T02:30:57Z DEBUG request body ''
7005. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7006. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7007. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7008. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7009. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7010. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7011. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7012. 2017-05-11T02:30:57Z DEBUG response status 500
7013. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
7014. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7015. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7016. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7017. 2017-05-11T02:30:57Z DEBUG request body ''
7018. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7019. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7020. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7021. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7022. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7023. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7024. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7025. 2017-05-11T02:30:57Z DEBUG response status 204
7026. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=D1266F02201DEBDDBF314C30BE773E8A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7027. 2017-05-11T02:30:57Z DEBUG response body ''
7028. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7029. 2017-05-11T02:30:57Z DEBUG request body ''
7030. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7031. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7032. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7033. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7034. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7035. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7036. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7037. 2017-05-11T02:30:57Z DEBUG response status 200
7038. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9FE1EDC77F728F102276CD1993A6FC92; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7039. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7040. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7041. 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling audit signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=TokenAuth\nauthz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"\nname=Audit Signing Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=auditSigningCertSet\npolicyset.auditSigningCertSet.list=1,2,3,4,5,6,9\npolicyset.auditSigningCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.auditSigningCertSet.1.constraint.name=Subject Name Constraint\npolicyset.auditSigningCertSet.1.constraint.params.pattern=CN=.*\npolicyset.auditSigningCertSet.1.constraint.params.accept=true\npolicyset.auditSigningCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.auditSigningCertSet.1.default.name=Subject Name Default\npolicyset.auditSigningCertSet.1.default.params.name=\npolicyset.auditSigningCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.auditSigningCertSet.2.constraint.name=Validity Constraint\npolicyset.auditSigningCertSet.2.constraint.params.range=720\npolicyset.auditSigningCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.auditSigningCertSet.2.constraint.params.notAfterCheck=false\npolicyset.auditSigningCertSet.2.default.class_id=validityDefaultImpl\npolicyset.auditSigningCertSet.2.default.name=Validity Default\npolicyset.auditSigningCertSet.2.default.params.range=720\npolicyset.auditSigningCertSet.2.default.params.startTime=0\npolicyset.auditSigningCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.auditSigningCertSet.3.constraint.name=Key Constraint\npolicyset.auditSigningCertSet.3.constraint.params.keyType=-\npolicyset.auditSigningCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.auditSigningCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.auditSigningCertSet.3.default.name=Key Default\npolicyset.auditSigningCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.4.constraint.name=No Constraint\npolicyset.auditSigningCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.auditSigningCertSet.4.default.name=Authority Key Identifier Default\npolicyset.auditSigningCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.auditSigningCertSet.5.constraint.name=No Constraint\npolicyset.auditSigningCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.auditSigningCertSet.5.default.name=AIA Extension Default\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.auditSigningCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.auditSigningCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.auditSigningCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.auditSigningCertSet.6.default.name=Key Usage Default\npolicyset.auditSigningCertSet.6.default.params.keyUsageCritical=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.auditSigningCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.auditSigningCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.auditSigningCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.auditSigningCertSet.9.constraint.name=No Constraint\npolicyset.auditSigningCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.auditSigningCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.auditSigningCertSet.9.default.name=Signing Alg\npolicyset.auditSigningCertSet.9.default.params.signingAlg=-\nprofileId=caInternalAuthAuditSigningCert\nclassId=caEnrollImpl\n'
7042. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7043. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7044. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7045. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7046. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7047. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7048. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7049. 2017-05-11T02:30:57Z DEBUG response status 409
7050. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7051. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7052. 2017-05-11T02:30:57Z DEBUG Error migrating 'caInternalAuthAuditSigningCert': Non-2xx response from CA REST API: 409. Profile already exists
7053. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caInternalAuthAuditSigningCert?action=enable
7054. 2017-05-11T02:30:57Z DEBUG request body ''
7055. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7056. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7057. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7058. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7059. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7060. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7061. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7062. 2017-05-11T02:30:57Z DEBUG response status 500
7063. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
7064. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7065. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7066. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7067. 2017-05-11T02:30:57Z DEBUG request body ''
7068. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7069. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7070. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7071. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7072. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7073. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7074. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7075. 2017-05-11T02:30:57Z DEBUG response status 204
7076. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=B6952DBB1B81786382651460280E74C6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7077. 2017-05-11T02:30:57Z DEBUG response body ''
7078. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7079. 2017-05-11T02:30:57Z DEBUG request body ''
7080. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7081. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7082. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7083. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7084. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7085. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7086. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7087. 2017-05-11T02:30:57Z DEBUG response status 200
7088. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1AB851486467D4B420A95EC67A31D771; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7089. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7090. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7091. 2017-05-11T02:30:57Z DEBUG request body "desc=This profile is for enrolling Domain Controller Certificate\nenable=true\nenableBy=admin\nname=Domain Controller\nvisible=true\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=genericInputImpl\ninput.i3.params.gi_display_name0=ccm\ninput.i3.params.gi_param_enable0=true\ninput.i3.params.gi_param_name0=ccm\ninput.i3.params.gi_display_name1=GUID\ninput.i3.params.gi_param_enable1=true\ninput.i3.params.gi_param_name1=GUID\ninput.i3.params.gi_num=2\noutput.list=o1,o2\noutput.o1.class_id=certOutputImpl\noutput.o2.class_id=pkcs7OutputImpl\npolicyset.list=set1\npolicyset.set1.list=p2,p4,p5,subj,p6,p8,p9,p12,eku,gen,crldp\npolicyset.set1.subj.constraint.class_id=noConstraintImpl\npolicyset.set1.subj.constraint.name=No Constraint\npolicyset.set1.subj.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.subj.default.name=nsTokenUserKeySubjectNameDefault\n#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User\n#policyset.set1.subj.default.params.dnpattern=CN=GEMSTAR,OU=Domain Controllers,DC=test,dc=local\npolicyset.set1.subj.default.params.dnpattern=CN=$request.ccm$\npolicyset.set1.subj.default.params.ldap.enable=false\npolicyset.set1.subj.default.params.ldap.searchName=uid\npolicyset.set1.subj.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.subj.default.params.ldap.basedn=\npolicyset.set1.subj.default.params.ldap.maxConns=4\npolicyset.set1.subj.default.params.ldap.minConns=1\npolicyset.set1.subj.default.params.ldap.ldapconn.Version=2\npolicyset.set1.subj.default.params.ldap.ldapconn.host=\npolicyset.set1.subj.default.params.ldap.ldapconn.port=\npolicyset.set1.subj.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=true\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=false\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.ccm$\npolicyset.set1.p6.default.params.subjAltExtType_0=DNSName\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(Any)1.3.6.1.4.1.311.25.1,0410$request.GUID$\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.5.constraint.class_id=noConstraintImpl\npolicyset.set1.5.constraint.name=No Constraint\npolicyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.5.default.name=AIA Extension Default\npolicyset.set1.5.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2\npolicyset.set1.5.default.params.authInfoAccessCritical=false\npolicyset.set1.5.default.params.authInfoAccessNumADs=1\npolicyset.set1.eku.constraint.class_id=noConstraintImpl\npolicyset.set1.eku.constraint.name=No Constraint\npolicyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.eku.default.name=Extended Key Usage Extension Default\npolicyset.set1.eku.default.params.exKeyUsageCritical=false\npolicyset.set1.eku.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.crldp.constraint.class_id=noConstraintImpl\npolicyset.set1.crldp.constraint.name=No Constraint\npolicyset.set1.crldp.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.crldp.default.params.crlDistPointsCritical=false\npolicyset.set1.crldp.default.params.crlDistPointsNum=1\npolicyset.set1.crldp.default.params.crlDistPointsEnable_0=true\npolicyset.set1.crldp.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.crldp.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.crldp.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit\npolicyset.set1.crldp.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.crldp.default.params.crlDistPointsReasons_0=\npolicyset.set1.gen.constraint.class_id=noConstraintImpl\npolicyset.set1.gen.constraint.name=No Constraint\npolicyset.set1.gen.default.class_id=genericExtDefaultImpl\npolicyset.set1.gen.default.name=Generic Extension\n#This is the Microsoft 'Certificate Template Name' Extensions. The Value is 'DomainController'\npolicyset.set1.gen.default.params.genericExtOID=1.3.6.1.4.1.311.20.2\npolicyset.set1.gen.default.params.genericExtData=1e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072\nprofileId=DomainController\nclassId=caEnrollImpl\n"
7092. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7093. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7094. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7095. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7096. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7097. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7098. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7099. 2017-05-11T02:30:57Z DEBUG response status 409
7100. 2017-05-11T02:30:57Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7101. 2017-05-11T02:30:57Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7102. 2017-05-11T02:30:57Z DEBUG Error migrating 'DomainController': Non-2xx response from CA REST API: 409. Profile already exists
7103. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/DomainController?action=enable
7104. 2017-05-11T02:30:57Z DEBUG request body ''
7105. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7106. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7107. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7108. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7109. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7110. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7111. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7112. 2017-05-11T02:30:57Z DEBUG response status 500
7113. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
7114. 2017-05-11T02:30:57Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7115. 2017-05-11T02:30:57Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7116. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7117. 2017-05-11T02:30:57Z DEBUG request body ''
7118. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7119. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7120. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7121. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7122. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7123. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7124. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7125. 2017-05-11T02:30:57Z DEBUG response status 204
7126. 2017-05-11T02:30:57Z DEBUG response headers {'set-cookie': 'JSESSIONID=9115C88734285FED43DC577E5C94866F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7127. 2017-05-11T02:30:57Z DEBUG response body ''
7128. 2017-05-11T02:30:57Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7129. 2017-05-11T02:30:57Z DEBUG request body ''
7130. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7131. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7132. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7133. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7134. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7135. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7136. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7137. 2017-05-11T02:30:57Z DEBUG response status 200
7138. 2017-05-11T02:30:57Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=538CC0A24F42BA7179625E6FDF3CCED8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7139. 2017-05-11T02:30:57Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7140. 2017-05-11T02:30:57Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7141. 2017-05-11T02:30:57Z DEBUG request body 'desc=This certificate profile is for enrolling user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated User Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=.*UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caDualRAuserCert\nclassId=caEnrollImpl\n'
7142. 2017-05-11T02:30:57Z DEBUG NSSConnection init ipa.rdlg.net
7143. 2017-05-11T02:30:57Z DEBUG Connecting: 172.20.0.200:0
7144. 2017-05-11T02:30:57Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7145. 2017-05-11T02:30:57Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7146. 2017-05-11T02:30:57Z DEBUG handshake complete, peer = 172.20.0.200:8443
7147. 2017-05-11T02:30:57Z DEBUG Protocol: TLS1.2
7148. 2017-05-11T02:30:57Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7149. 2017-05-11T02:30:58Z DEBUG response status 409
7150. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7151. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7152. 2017-05-11T02:30:58Z DEBUG Error migrating 'caDualRAuserCert': Non-2xx response from CA REST API: 409. Profile already exists
7153. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDualRAuserCert?action=enable
7154. 2017-05-11T02:30:58Z DEBUG request body ''
7155. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7156. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7157. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7158. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7159. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7160. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7161. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7162. 2017-05-11T02:30:58Z DEBUG response status 500
7163. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
7164. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7165. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7166. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7167. 2017-05-11T02:30:58Z DEBUG request body ''
7168. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7169. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7170. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7171. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7172. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7173. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7174. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7175. 2017-05-11T02:30:58Z DEBUG response status 204
7176. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=182992E1B3FA6269DE751801FAC2F628; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7177. 2017-05-11T02:30:58Z DEBUG response body ''
7178. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7179. 2017-05-11T02:30:58Z DEBUG request body ''
7180. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7181. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7182. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7183. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7184. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7185. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7186. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7187. 2017-05-11T02:30:58Z DEBUG response status 200
7188. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=A076DE38FC7E1F02BC3109F943C43594; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7189. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7190. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7191. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling RA agent user certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Agent User Certificate Enrollment\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\ninput.i3.class_id=subjectDNInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=RSA\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caRAagentCert\nclassId=caEnrollImpl\n'
7192. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7193. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7194. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7195. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7196. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7197. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7198. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7199. 2017-05-11T02:30:58Z DEBUG response status 409
7200. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7201. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7202. 2017-05-11T02:30:58Z DEBUG Error migrating 'caRAagentCert': Non-2xx response from CA REST API: 409. Profile already exists
7203. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRAagentCert?action=enable
7204. 2017-05-11T02:30:58Z DEBUG request body ''
7205. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7206. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7207. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7208. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7209. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7210. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7211. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7212. 2017-05-11T02:30:58Z DEBUG response status 500
7213. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'text/html;charset=utf-8'}
7214. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7215. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7216. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7217. 2017-05-11T02:30:58Z DEBUG request body ''
7218. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7219. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7220. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7221. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7222. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7223. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7224. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7225. 2017-05-11T02:30:58Z DEBUG response status 204
7226. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=08322014CC4176ABA64146550FB4F067; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7227. 2017-05-11T02:30:58Z DEBUG response body ''
7228. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7229. 2017-05-11T02:30:58Z DEBUG request body ''
7230. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7231. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7232. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7233. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7234. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7235. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7236. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7237. 2017-05-11T02:30:58Z DEBUG response status 200
7238. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=9995B637CC2EE2F819DC46C074683C47; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:57 GMT', 'content-type': 'application/xml'}
7239. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7240. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7241. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=.*\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=365\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=180\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\nprofileId=caRAserverCert\nclassId=caEnrollImpl\n'
7242. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7243. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7244. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7245. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7246. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7247. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7248. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7249. 2017-05-11T02:30:58Z DEBUG response status 409
7250. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7251. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7252. 2017-05-11T02:30:58Z DEBUG Error migrating 'caRAserverCert': Non-2xx response from CA REST API: 409. Profile already exists
7253. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caRAserverCert?action=enable
7254. 2017-05-11T02:30:58Z DEBUG request body ''
7255. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7256. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7257. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7258. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7259. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7260. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7261. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7262. 2017-05-11T02:30:58Z DEBUG response status 500
7263. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7264. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7265. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7266. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7267. 2017-05-11T02:30:58Z DEBUG request body ''
7268. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7269. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7270. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7271. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7272. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7273. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7274. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7275. 2017-05-11T02:30:58Z DEBUG response status 204
7276. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=0E85CCE265B4D1FA73450A6433A83E9B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7277. 2017-05-11T02:30:58Z DEBUG response body ''
7278. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7279. 2017-05-11T02:30:58Z DEBUG request body ''
7280. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7281. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7282. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7283. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7284. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7285. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7286. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7287. 2017-05-11T02:30:58Z DEBUG response status 200
7288. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=80F3BDB39D80DF60C7BDF8C735C3B189; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7289. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7290. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7291. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling device certificates to contain UUID in the Subject Alternative Name extension\nvisible=true\nenable=false\nenableBy=admin\nname=Manual device Dual-Use Certificate Enrollment to contain UUID in SAN\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=keyGenInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=userCertSet\npolicyset.userCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.userCertSet.1.constraint.name=Subject Name Constraint\npolicyset.userCertSet.1.constraint.params.pattern=UID=.*\npolicyset.userCertSet.1.constraint.params.accept=true\npolicyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.userCertSet.1.default.name=Subject Name Default\npolicyset.userCertSet.1.default.params.name=\npolicyset.userCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.userCertSet.2.constraint.name=Validity Constraint\npolicyset.userCertSet.2.constraint.params.range=365\npolicyset.userCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.userCertSet.2.constraint.params.notAfterCheck=false\npolicyset.userCertSet.2.default.class_id=validityDefaultImpl\npolicyset.userCertSet.2.default.name=Validity Default\npolicyset.userCertSet.2.default.params.range=180\npolicyset.userCertSet.2.default.params.startTime=0\npolicyset.userCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.userCertSet.3.constraint.name=Key Constraint\npolicyset.userCertSet.3.constraint.params.keyType=-\npolicyset.userCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\npolicyset.userCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.userCertSet.3.default.name=Key Default\npolicyset.userCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.4.constraint.name=No Constraint\npolicyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.userCertSet.4.default.name=Authority Key Identifier Default\npolicyset.userCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.5.constraint.name=No Constraint\npolicyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.userCertSet.5.default.name=AIA Extension Default\npolicyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.userCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.userCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.userCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.userCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.userCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.userCertSet.6.default.name=Key Usage Default\npolicyset.userCertSet.6.default.params.keyUsageCritical=true\npolicyset.userCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.userCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.userCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.userCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.userCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.userCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.userCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.userCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.userCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.7.constraint.name=No Constraint\npolicyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.userCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.userCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.userCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.userCertSet.8.constraint.name=No Constraint\npolicyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.userCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.userCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.userCertSet.8.default.params.subjAltExtType_1=OtherName\npolicyset.userCertSet.8.default.params.subjAltExtPattern_1=(IA5String)1.2.3.4,$server.source$\npolicyset.userCertSet.8.default.params.subjAltExtGNEnable_1=true\npolicyset.userCertSet.8.default.params.subjAltExtSource_1=UUID4\npolicyset.userCertSet.8.default.params.subjAltNameNumGNs=2\npolicyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.userCertSet.9.constraint.name=No Constraint\npolicyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.userCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.userCertSet.9.default.name=Signing Alg\npolicyset.userCertSet.9.default.params.signingAlg=-\nprofileId=caUUIDdeviceCert\nclassId=caEnrollImpl\n'
7292. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7293. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7294. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7295. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7296. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7297. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7298. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7299. 2017-05-11T02:30:58Z DEBUG response status 409
7300. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7301. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7302. 2017-05-11T02:30:58Z DEBUG Error migrating 'caUUIDdeviceCert': Non-2xx response from CA REST API: 409. Profile already exists
7303. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caUUIDdeviceCert?action=enable
7304. 2017-05-11T02:30:58Z DEBUG request body ''
7305. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7306. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7307. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7308. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7309. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7310. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7311. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7312. 2017-05-11T02:30:58Z DEBUG response status 204
7313. 2017-05-11T02:30:58Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
7314. 2017-05-11T02:30:58Z DEBUG response body ''
7315. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7316. 2017-05-11T02:30:58Z DEBUG request body ''
7317. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7318. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7319. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7320. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7321. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7322. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7323. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7324. 2017-05-11T02:30:58Z DEBUG response status 204
7325. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=68B1B09B612394C6107E00480B53D4AC; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7326. 2017-05-11T02:30:58Z DEBUG response body ''
7327. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7328. 2017-05-11T02:30:58Z DEBUG request body ''
7329. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7330. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7331. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7332. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7333. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7334. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7335. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7336. 2017-05-11T02:30:58Z DEBUG response status 200
7337. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=2987DD780FCBE8C7E5B227BFF4697CE2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7338. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7339. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7340. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing SSL client certificates.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=SSLclientCertAuth\nname=Renewal: Self-renew user SSL client certificates\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caSSLClientSelfRenewal\nclassId=caEnrollImpl\n'
7341. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7342. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7343. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7344. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7345. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7346. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7347. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7348. 2017-05-11T02:30:58Z DEBUG response status 409
7349. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7350. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7351. 2017-05-11T02:30:58Z DEBUG Error migrating 'caSSLClientSelfRenewal': Non-2xx response from CA REST API: 409. Profile already exists
7352. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSSLClientSelfRenewal?action=enable
7353. 2017-05-11T02:30:58Z DEBUG request body ''
7354. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7355. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7356. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7357. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7358. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7359. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7360. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7361. 2017-05-11T02:30:58Z DEBUG response status 500
7362. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7363. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7364. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7365. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7366. 2017-05-11T02:30:58Z DEBUG request body ''
7367. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7368. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7369. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7370. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7371. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7372. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7373. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7374. 2017-05-11T02:30:58Z DEBUG response status 204
7375. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=644F322201634A664A80761E02D7669B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7376. 2017-05-11T02:30:58Z DEBUG response body ''
7377. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7378. 2017-05-11T02:30:58Z DEBUG request body ''
7379. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7380. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7381. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7382. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7383. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7384. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7385. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7386. 2017-05-11T02:30:58Z DEBUG response status 200
7387. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=035500ACDB2FB969E354CFEC53E93CC9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7388. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7389. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7390. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing a certificate by serial number by using directory based authentication.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=UserDirEnrollment\nauthz.acl=user_origreq="auth_token.uid"\nname=Renewal: Directory-Authenticated User Certificate Self-Renew profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caDirUserRenewal\nclassId=caEnrollImpl\n'
7391. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7392. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7393. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7394. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7395. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7396. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7397. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7398. 2017-05-11T02:30:58Z DEBUG response status 409
7399. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7400. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7401. 2017-05-11T02:30:58Z DEBUG Error migrating 'caDirUserRenewal': Non-2xx response from CA REST API: 409. Profile already exists
7402. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caDirUserRenewal?action=enable
7403. 2017-05-11T02:30:58Z DEBUG request body ''
7404. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7405. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7406. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7407. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7408. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7409. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7410. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7411. 2017-05-11T02:30:58Z DEBUG response status 500
7412. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7413. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7414. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7415. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7416. 2017-05-11T02:30:58Z DEBUG request body ''
7417. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7418. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7419. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7420. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7421. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7422. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7423. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7424. 2017-05-11T02:30:58Z DEBUG response status 204
7425. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=1B12804ABC70F481C514CF1387AA8FA3; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7426. 2017-05-11T02:30:58Z DEBUG response body ''
7427. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7428. 2017-05-11T02:30:58Z DEBUG request body ''
7429. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7430. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7431. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7432. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7433. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7434. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7435. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7436. 2017-05-11T02:30:58Z DEBUG response status 200
7437. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4F7288B249DA22712C7AA09F597E9254; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7438. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7439. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7440. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing certificates to be approved manually by agents.\nvisible=true\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=\nname=Renewal: Renew certificate to be manually approved by agents\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caManualRenewal\nclassId=caEnrollImpl\n'
7441. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7442. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7443. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7444. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7445. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7446. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7447. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7448. 2017-05-11T02:30:58Z DEBUG response status 409
7449. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7450. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7451. 2017-05-11T02:30:58Z DEBUG Error migrating 'caManualRenewal': Non-2xx response from CA REST API: 409. Profile already exists
7452. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caManualRenewal?action=enable
7453. 2017-05-11T02:30:58Z DEBUG request body ''
7454. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7455. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7456. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7457. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7458. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7459. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7460. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7461. 2017-05-11T02:30:58Z DEBUG response status 500
7462. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7463. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7464. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7465. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7466. 2017-05-11T02:30:58Z DEBUG request body ''
7467. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7468. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7469. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7470. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7471. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7472. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7473. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7474. 2017-05-11T02:30:58Z DEBUG response status 204
7475. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=EB6528EE7A03D0B6072753172501AC8E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7476. 2017-05-11T02:30:58Z DEBUG response body ''
7477. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7478. 2017-05-11T02:30:58Z DEBUG request body ''
7479. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7480. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7481. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7482. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7483. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7484. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7485. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7486. 2017-05-11T02:30:58Z DEBUG response status 200
7487. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F45F58013B24DE6D8EB8CFC1A0C6F90F; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7488. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7489. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7490. 2017-05-11T02:30:58Z DEBUG request body 'desc=This profile is for enrolling MS Login Certificate\nenable=true\nenableBy=admin\nname=Token User MS Login Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o2.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12,p13,p14,p15\npolicyset.set1.p1.constraint.class_id=noConstraintImpl\npolicyset.set1.p1.constraint.name=No Constraint\npolicyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl\npolicyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault\npolicyset.set1.p1.default.params.dnpattern=CN=uid=$request.uid$,E=$request.mail$, ou=$request.upn$, o=example\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=true\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail,givenName,sn,upn\npolicyset.set1.p1.default.params.ldap.basedn=ou=People,dc=example,dc=com\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=localhost.localdomain\npolicyset.set1.p1.default.params.ldap.ldapconn.port=389\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.upn$\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=2\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\n policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=true\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9443/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=true\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9443/ca/ocsp\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\npolicyset.set1.p15.constraint.class_id=noConstraintImpl\npolicyset.set1.p15.constraint.name=No Constraint\npolicyset.set1.p15.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.set1.p15.default.name=Extended Key Usage Extension Default\npolicyset.set1.p15.default.params.exKeyUsageCritical=false\npolicyset.set1.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2\n\nprofileId=caTokenMSLoginEnrollment\nclassId=caUserCertEnrollImpl\n'
7491. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7492. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7493. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7494. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7495. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7496. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7497. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7498. 2017-05-11T02:30:58Z DEBUG response status 409
7499. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7500. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7501. 2017-05-11T02:30:58Z DEBUG Error migrating 'caTokenMSLoginEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
7502. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenMSLoginEnrollment?action=enable
7503. 2017-05-11T02:30:58Z DEBUG request body ''
7504. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7505. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7506. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7507. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7508. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7509. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7510. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7511. 2017-05-11T02:30:58Z DEBUG response status 500
7512. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7513. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7514. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7515. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7516. 2017-05-11T02:30:58Z DEBUG request body ''
7517. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7518. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7519. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7520. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7521. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7522. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7523. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7524. 2017-05-11T02:30:58Z DEBUG response status 204
7525. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=123159B1C1402A26A271E7AD8E287376; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7526. 2017-05-11T02:30:58Z DEBUG response body ''
7527. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7528. 2017-05-11T02:30:58Z DEBUG request body ''
7529. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7530. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7531. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7532. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7533. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7534. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7535. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7536. 2017-05-11T02:30:58Z DEBUG response status 200
7537. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=810876DC01E828CABD741C1E0F2B7221; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7538. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7539. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7540. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing a token certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token signing cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserSigningKeyRenewal\nclassId=caUserCertEnrollImpl\n'
7541. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7542. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7543. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7544. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7545. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7546. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7547. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7548. 2017-05-11T02:30:58Z DEBUG response status 409
7549. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7550. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7551. 2017-05-11T02:30:58Z DEBUG Error migrating 'caTokenUserSigningKeyRenewal': Non-2xx response from CA REST API: 409. Profile already exists
7552. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserSigningKeyRenewal?action=enable
7553. 2017-05-11T02:30:58Z DEBUG request body ''
7554. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7555. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7556. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7557. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7558. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7559. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7560. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7561. 2017-05-11T02:30:58Z DEBUG response status 500
7562. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7563. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7564. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7565. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7566. 2017-05-11T02:30:58Z DEBUG request body ''
7567. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7568. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7569. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7570. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7571. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7572. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7573. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7574. 2017-05-11T02:30:58Z DEBUG response status 204
7575. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=64581118A37C9476B43760D4D2AA98E2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7576. 2017-05-11T02:30:58Z DEBUG response body ''
7577. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7578. 2017-05-11T02:30:58Z DEBUG request body ''
7579. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7580. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7581. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7582. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7583. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7584. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7585. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7586. 2017-05-11T02:30:58Z DEBUG response status 200
7587. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=4FDFE3C95CFC914259D03AE213603590; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7588. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7589. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7590. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing a token encryption certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token encryption cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserEncryptionKeyRenewal\nclassId=caUserCertEnrollImpl\n'
7591. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7592. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7593. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7594. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7595. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7596. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7597. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7598. 2017-05-11T02:30:58Z DEBUG response status 409
7599. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7600. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7601. 2017-05-11T02:30:58Z DEBUG Error migrating 'caTokenUserEncryptionKeyRenewal': Non-2xx response from CA REST API: 409. Profile already exists
7602. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserEncryptionKeyRenewal?action=enable
7603. 2017-05-11T02:30:58Z DEBUG request body ''
7604. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7605. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7606. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7607. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7608. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7609. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7610. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7611. 2017-05-11T02:30:58Z DEBUG response status 500
7612. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7613. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7614. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7615. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7616. 2017-05-11T02:30:58Z DEBUG request body ''
7617. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7618. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7619. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7620. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7621. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7622. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7623. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7624. 2017-05-11T02:30:58Z DEBUG response status 204
7625. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=052341DBAB8371C74BD9FD0B28BE47CE; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7626. 2017-05-11T02:30:58Z DEBUG response body ''
7627. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7628. 2017-05-11T02:30:58Z DEBUG request body ''
7629. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7630. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7631. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7632. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7633. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7634. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7635. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7636. 2017-05-11T02:30:58Z DEBUG response status 200
7637. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=F7396C8C1E32B52E7F5D22B5AB635E30; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7638. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7639. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7640. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for renewing a token authentication certificate\nvisible=false\nenable=true\nenableBy=admin\nrenewal=true\nauth.instance_id=AgentCertAuth\nname=smart card token authentication cert renewal profile\ninput.list=i1\ninput.i1.class_id=serialNumRenewInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\nprofileId=caTokenUserAuthKeyRenewal\nclassId=caUserCertEnrollImpl\n'
7641. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7642. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7643. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7644. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7645. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7646. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7647. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7648. 2017-05-11T02:30:58Z DEBUG response status 409
7649. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7650. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7651. 2017-05-11T02:30:58Z DEBUG Error migrating 'caTokenUserAuthKeyRenewal': Non-2xx response from CA REST API: 409. Profile already exists
7652. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserAuthKeyRenewal?action=enable
7653. 2017-05-11T02:30:58Z DEBUG request body ''
7654. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7655. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7656. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7657. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7658. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7659. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7660. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7661. 2017-05-11T02:30:58Z DEBUG response status 500
7662. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7663. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7664. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7665. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7666. 2017-05-11T02:30:58Z DEBUG request body ''
7667. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7668. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7669. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7670. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7671. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7672. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7673. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7674. 2017-05-11T02:30:58Z DEBUG response status 204
7675. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=EDA97407BE5E4DC72CEE5218C0AE8ED9; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7676. 2017-05-11T02:30:58Z DEBUG response body ''
7677. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7678. 2017-05-11T02:30:58Z DEBUG request body ''
7679. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7680. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7681. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7682. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7683. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7684. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7685. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7686. 2017-05-11T02:30:58Z DEBUG response status 200
7687. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=DD2CDD4AEB417073407922FB2676CF83; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7688. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7689. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7690. 2017-05-11T02:30:58Z DEBUG request body 'desc=This is an IPA profile for enrolling Jar Signing certificates.\nenable=true\nenableBy=admin\nname=Manual Jar Signing Certificate Enrollment\nvisible=false\nauth.class_id=\nauth.instance_id=raCertAuth\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=caJarSigningSet\npolicyset.caJarSigningSet.list=1,2,3,4,5,6\npolicyset.caJarSigningSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.caJarSigningSet.1.constraint.name=Subject Name Constraint\npolicyset.caJarSigningSet.1.constraint.params.accept=true\npolicyset.caJarSigningSet.1.constraint.params.pattern=.*\npolicyset.caJarSigningSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.caJarSigningSet.1.default.name=Subject Name Default\npolicyset.caJarSigningSet.1.default.params.name=\npolicyset.caJarSigningSet.2.constraint.class_id=validityConstraintImpl\npolicyset.caJarSigningSet.2.constraint.name=Validity Constraint\npolicyset.caJarSigningSet.2.constraint.params.notAfterCheck=false\npolicyset.caJarSigningSet.2.constraint.params.notBeforeCheck=false\npolicyset.caJarSigningSet.2.constraint.params.range=2922\npolicyset.caJarSigningSet.2.default.class_id=validityDefaultImpl\npolicyset.caJarSigningSet.2.default.name=Validity Default\npolicyset.caJarSigningSet.2.default.params.range=1461\npolicyset.caJarSigningSet.2.default.params.startTime=0\npolicyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl\npolicyset.caJarSigningSet.3.constraint.name=Key Constraint\npolicyset.caJarSigningSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.caJarSigningSet.3.constraint.params.keyType=RSA\npolicyset.caJarSigningSet.3.default.class_id=userKeyDefaultImpl\npolicyset.caJarSigningSet.3.default.name=Key Default\npolicyset.caJarSigningSet.4.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.caJarSigningSet.4.constraint.name=Key Usage Extension Constraint\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCritical=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageCrlSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDataEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDecipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageDigitalSignature=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageEncipherOnly=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyAgreement=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyCertSign=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageKeyEncipherment=-\npolicyset.caJarSigningSet.4.constraint.params.keyUsageNonRepudiation=-\npolicyset.caJarSigningSet.4.default.class_id=keyUsageExtDefaultImpl\npolicyset.caJarSigningSet.4.default.name=Key Usage Default\npolicyset.caJarSigningSet.4.default.params.keyUsageCritical=true\npolicyset.caJarSigningSet.4.default.params.keyUsageCrlSign=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDataEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDecipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageDigitalSignature=true\npolicyset.caJarSigningSet.4.default.params.keyUsageEncipherOnly=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyAgreement=false\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyCertSign=true\npolicyset.caJarSigningSet.4.default.params.keyUsageKeyEncipherment=false\npolicyset.caJarSigningSet.4.default.params.keyUsageNonRepudiation=false\npolicyset.caJarSigningSet.5.constraint.class_id=nsCertTypeExtConstraintImpl\npolicyset.caJarSigningSet.5.constraint.name=Netscape Certificate Type Extension Constraint\npolicyset.caJarSigningSet.5.constraint.params.nsCertCritical=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmail=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertEmailCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigning=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertObjectSigningCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLCA=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLClient=-\npolicyset.caJarSigningSet.5.constraint.params.nsCertSSLServer=-\npolicyset.caJarSigningSet.5.default.class_id=nsCertTypeExtDefaultImpl\npolicyset.caJarSigningSet.5.default.name=Netscape Certificate Type Extension Default\npolicyset.caJarSigningSet.5.default.params.nsCertCritical=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmail=false\npolicyset.caJarSigningSet.5.default.params.nsCertEmailCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigning=true\npolicyset.caJarSigningSet.5.default.params.nsCertObjectSigningCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLCA=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLClient=false\npolicyset.caJarSigningSet.5.default.params.nsCertSSLServer=false\npolicyset.caJarSigningSet.6.constraint.class_id=signingAlgConstraintImpl\npolicyset.caJarSigningSet.6.constraint.name=No Constraint\npolicyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.caJarSigningSet.6.default.class_id=signingAlgDefaultImpl\npolicyset.caJarSigningSet.6.default.name=Signing Alg\npolicyset.caJarSigningSet.6.default.params.signingAlg=-\nprofileId=caJarSigningCert\nclassId=caEnrollImpl\n'
7691. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7692. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7693. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7694. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7695. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7696. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7697. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7698. 2017-05-11T02:30:58Z DEBUG response status 409
7699. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7700. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7701. 2017-05-11T02:30:58Z DEBUG Error migrating 'caJarSigningCert': Non-2xx response from CA REST API: 409. Profile already exists
7702. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caJarSigningCert?action=enable
7703. 2017-05-11T02:30:58Z DEBUG request body ''
7704. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7705. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7706. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7707. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7708. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7709. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7710. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7711. 2017-05-11T02:30:58Z DEBUG response status 500
7712. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7713. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7714. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7715. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7716. 2017-05-11T02:30:58Z DEBUG request body ''
7717. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7718. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7719. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7720. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7721. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7722. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7723. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7724. 2017-05-11T02:30:58Z DEBUG response status 204
7725. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=AAFE444092F7EF7B6BCBA6C94AE0A135; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7726. 2017-05-11T02:30:58Z DEBUG response body ''
7727. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7728. 2017-05-11T02:30:58Z DEBUG request body ''
7729. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7730. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7731. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7732. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7733. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7734. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7735. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7736. 2017-05-11T02:30:58Z DEBUG response status 200
7737. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=C6584322B79C49320D19BA2DA8048429; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7738. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7739. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7740. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA \npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=https://ipa.example.com/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\nprofileId=caIPAserviceCert\nclassId=caEnrollImpl\n'
7741. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7742. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7743. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7744. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7745. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7746. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7747. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7748. 2017-05-11T02:30:58Z DEBUG response status 409
7749. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7750. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7751. 2017-05-11T02:30:58Z DEBUG Error migrating 'caIPAserviceCert': Non-2xx response from CA REST API: 409. Profile already exists
7752. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert?action=enable
7753. 2017-05-11T02:30:58Z DEBUG request body ''
7754. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7755. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7756. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7757. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7758. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7759. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7760. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7761. 2017-05-11T02:30:58Z DEBUG response status 500
7762. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7763. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7764. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7765. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7766. 2017-05-11T02:30:58Z DEBUG request body ''
7767. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7768. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7769. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7770. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7771. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7772. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7773. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7774. 2017-05-11T02:30:58Z DEBUG response status 204
7775. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=823425594F298491516A43D868F91CAD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7776. 2017-05-11T02:30:58Z DEBUG response body ''
7777. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7778. 2017-05-11T02:30:58Z DEBUG request body ''
7779. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7780. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7781. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7782. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7783. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7784. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7785. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7786. 2017-05-11T02:30:58Z DEBUG response status 200
7787. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=A800AD8A3E6BCAF3DB46976CB5F652C2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7788. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7789. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7790. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling user encryption certificates with option to archive keys.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption Certificates Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=RSA\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\n\nprofileId=caEncUserCert\nclassId=caEnrollImpl\n'
7791. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7792. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7793. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7794. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7795. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7796. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7797. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7798. 2017-05-11T02:30:58Z DEBUG response status 409
7799. 2017-05-11T02:30:58Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7800. 2017-05-11T02:30:58Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7801. 2017-05-11T02:30:58Z DEBUG Error migrating 'caEncUserCert': Non-2xx response from CA REST API: 409. Profile already exists
7802. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caEncUserCert?action=enable
7803. 2017-05-11T02:30:58Z DEBUG request body ''
7804. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7805. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7806. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7807. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7808. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7809. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7810. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7811. 2017-05-11T02:30:58Z DEBUG response status 500
7812. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7813. 2017-05-11T02:30:58Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7814. 2017-05-11T02:30:58Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7815. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7816. 2017-05-11T02:30:58Z DEBUG request body ''
7817. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7818. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7819. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7820. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7821. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7822. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7823. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7824. 2017-05-11T02:30:58Z DEBUG response status 204
7825. 2017-05-11T02:30:58Z DEBUG response headers {'set-cookie': 'JSESSIONID=EB127D2F4F73A04EB78FF42ED07D4B78; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7826. 2017-05-11T02:30:58Z DEBUG response body ''
7827. 2017-05-11T02:30:58Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7828. 2017-05-11T02:30:58Z DEBUG request body ''
7829. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7830. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7831. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7832. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7833. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7834. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7835. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7836. 2017-05-11T02:30:58Z DEBUG response status 200
7837. 2017-05-11T02:30:58Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=1E9C5604D5DC4FFCF4BE233C121EC17B; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7838. 2017-05-11T02:30:58Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7839. 2017-05-11T02:30:58Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7840. 2017-05-11T02:30:58Z DEBUG request body 'desc=This certificate profile is for enrolling user signing certificates.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=signingCertSet\npolicyset.signingCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=CN=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=RSA\npolicyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.5.constraint.name=No Constraint\npolicyset.signingCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.signingCertSet.5.default.name=AIA Extension Default\npolicyset.signingCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.signingCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.signingCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.signingCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.signingCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.constraint.name=No Constraint\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\n\nprofileId=caSigningUserCert\nclassId=caEnrollImpl\n'
7841. 2017-05-11T02:30:58Z DEBUG NSSConnection init ipa.rdlg.net
7842. 2017-05-11T02:30:58Z DEBUG Connecting: 172.20.0.200:0
7843. 2017-05-11T02:30:58Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7844. 2017-05-11T02:30:58Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7845. 2017-05-11T02:30:58Z DEBUG handshake complete, peer = 172.20.0.200:8443
7846. 2017-05-11T02:30:58Z DEBUG Protocol: TLS1.2
7847. 2017-05-11T02:30:58Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7848. 2017-05-11T02:30:59Z DEBUG response status 409
7849. 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7850. 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7851. 2017-05-11T02:30:59Z DEBUG Error migrating 'caSigningUserCert': Non-2xx response from CA REST API: 409. Profile already exists
7852. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSigningUserCert?action=enable
7853. 2017-05-11T02:30:59Z DEBUG request body ''
7854. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7855. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7856. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7857. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7858. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7859. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7860. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7861. 2017-05-11T02:30:59Z DEBUG response status 500
7862. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7863. 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7864. 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7865. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7866. 2017-05-11T02:30:59Z DEBUG request body ''
7867. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7868. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7869. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7870. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7871. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7872. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7873. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7874. 2017-05-11T02:30:59Z DEBUG response status 204
7875. 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=BB89A7FE3CEE2F81EB68687D46E1D368; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7876. 2017-05-11T02:30:59Z DEBUG response body ''
7877. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7878. 2017-05-11T02:30:59Z DEBUG request body ''
7879. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7880. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7881. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7882. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7883. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7884. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7885. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7886. 2017-05-11T02:30:59Z DEBUG response status 200
7887. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=FC3ACF10F594F86A0C6AEA06D44F0AA2; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7888. 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7889. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7890. 2017-05-11T02:30:59Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC signing certificates. It works only with the latest Firefox.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Signing ECC Certificate Enrollment\nauth.class_id=\ninput.list=i1,i2,i3\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=subjectNameInputImpl\ninput.i3.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=signingCertSet\npolicyset.signingCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.signingCertSet.1.constraint.name=Subject Name Constraint\npolicyset.signingCertSet.1.constraint.params.pattern=CN=.*\npolicyset.signingCertSet.1.constraint.params.accept=true\npolicyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.signingCertSet.1.default.name=Subject Name Default\npolicyset.signingCertSet.1.default.params.name=\npolicyset.signingCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.signingCertSet.2.constraint.name=Validity Constraint\npolicyset.signingCertSet.2.constraint.params.range=365\npolicyset.signingCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.signingCertSet.2.constraint.params.notAfterCheck=false\npolicyset.signingCertSet.2.default.class_id=validityDefaultImpl\npolicyset.signingCertSet.2.default.name=Validity Default\npolicyset.signingCertSet.2.default.params.range=180\npolicyset.signingCertSet.2.default.params.startTime=0\npolicyset.signingCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.signingCertSet.3.constraint.name=Key Constraint\npolicyset.signingCertSet.3.constraint.params.keyType=EC\npolicyset.signingCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.signingCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.signingCertSet.3.default.name=Key Default\npolicyset.signingCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.4.constraint.name=No Constraint\npolicyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.signingCertSet.4.default.name=Authority Key Identifier Default\npolicyset.signingCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.5.constraint.name=No Constraint\npolicyset.signingCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.signingCertSet.5.default.name=AIA Extension Default\npolicyset.signingCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.signingCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.signingCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.signingCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.signingCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.signingCertSet.6.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.6.constraint.name=No Constraint\npolicyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.signingCertSet.6.default.name=Key Usage Default\npolicyset.signingCertSet.6.default.params.keyUsageCritical=true\npolicyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.signingCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.signingCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.7.constraint.name=No Constraint\npolicyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.signingCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.signingCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.signingCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.signingCertSet.8.constraint.name=No Constraint\npolicyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.signingCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.signingCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.signingCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.signingCertSet.9.constraint.name=No Constraint\npolicyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.signingCertSet.9.default.name=Signing Alg\npolicyset.signingCertSet.9.default.params.signingAlg=-\n\nprofileId=caSigningECUserCert\nclassId=caEnrollImpl\n'
7891. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7892. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7893. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7894. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7895. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7896. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7897. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7898. 2017-05-11T02:30:59Z DEBUG response status 409
7899. 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7900. 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7901. 2017-05-11T02:30:59Z DEBUG Error migrating 'caSigningECUserCert': Non-2xx response from CA REST API: 409. Profile already exists
7902. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caSigningECUserCert?action=enable
7903. 2017-05-11T02:30:59Z DEBUG request body ''
7904. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7905. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7906. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7907. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7908. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7909. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7910. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7911. 2017-05-11T02:30:59Z DEBUG response status 500
7912. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7913. 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7914. 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7915. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7916. 2017-05-11T02:30:59Z DEBUG request body ''
7917. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7918. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7919. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7920. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7921. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7922. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7923. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7924. 2017-05-11T02:30:59Z DEBUG response status 204
7925. 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=4257C5D5391D0227A699E737F0D523ED; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7926. 2017-05-11T02:30:59Z DEBUG response body ''
7927. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7928. 2017-05-11T02:30:59Z DEBUG request body ''
7929. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7930. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7931. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7932. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7933. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7934. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7935. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7936. 2017-05-11T02:30:59Z DEBUG response status 200
7937. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=7C25D447552066DE32A631C340A6E2A6; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/xml'}
7938. 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7939. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7940. 2017-05-11T02:30:59Z DEBUG request body 'desc=This certificate profile is for enrolling user ECC encryption certificates. It works only with latest Firefox.\nvisible=false\nenable=true\nenableBy=admin\nname=Manual User Encryption ECC Certificates Enrollment\nauth.class_id=\ninput.list=i1\ninput.i1.class_id=encKeyGenInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=encryptionCertSet\npolicyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9\npolicyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.encryptionCertSet.1.constraint.name=Subject Name Constraint\npolicyset.encryptionCertSet.1.constraint.params.pattern=CN=.*\npolicyset.encryptionCertSet.1.constraint.params.accept=true\npolicyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl\npolicyset.encryptionCertSet.1.default.name=Subject Name Default\npolicyset.encryptionCertSet.1.default.params.name=\npolicyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.encryptionCertSet.2.constraint.name=Validity Constraint\npolicyset.encryptionCertSet.2.constraint.params.range=365\npolicyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.encryptionCertSet.2.constraint.params.notAfterCheck=false\npolicyset.encryptionCertSet.2.default.class_id=validityDefaultImpl\npolicyset.encryptionCertSet.2.default.name=Validity Default\npolicyset.encryptionCertSet.2.default.params.range=180\npolicyset.encryptionCertSet.2.default.params.startTime=0\npolicyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.encryptionCertSet.3.constraint.name=Key Constraint\npolicyset.encryptionCertSet.3.constraint.params.keyType=EC\npolicyset.encryptionCertSet.3.constraint.params.keyParameters=nistp256,nistp521\npolicyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.encryptionCertSet.3.default.name=Key Default\npolicyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.4.constraint.name=No Constraint\npolicyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.encryptionCertSet.4.default.name=Authority Key Identifier Default\npolicyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.5.constraint.name=No Constraint\npolicyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.encryptionCertSet.5.default.name=AIA Extension Default\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=\npolicyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.encryptionCertSet.6.default.name=Key Usage Default\npolicyset.encryptionCertSet.6.default.params.keyUsageCritical=true\npolicyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false\npolicyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.7.constraint.name=No Constraint\npolicyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\npolicyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl\npolicyset.encryptionCertSet.8.constraint.name=No Constraint\npolicyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint\npolicyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false\npolicyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name\npolicyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$\npolicyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true\npolicyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1\npolicyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl\npolicyset.encryptionCertSet.9.constraint.name=No Constraint\npolicyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC\npolicyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl\npolicyset.encryptionCertSet.9.default.name=Signing Alg\npolicyset.encryptionCertSet.9.default.params.signingAlg=-\nprofileId=caEncECUserCert\nclassId=caEnrollImpl\n'
7941. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7942. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7943. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7944. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7945. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7946. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7947. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7948. 2017-05-11T02:30:59Z DEBUG response status 409
7949. 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
7950. 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
7951. 2017-05-11T02:30:59Z DEBUG Error migrating 'caEncECUserCert': Non-2xx response from CA REST API: 409. Profile already exists
7952. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caEncECUserCert?action=enable
7953. 2017-05-11T02:30:59Z DEBUG request body ''
7954. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7955. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7956. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7957. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7958. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7959. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7960. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7961. 2017-05-11T02:30:59Z DEBUG response status 500
7962. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:58 GMT', 'content-type': 'text/html;charset=utf-8'}
7963. 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
7964. 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
7965. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
7966. 2017-05-11T02:30:59Z DEBUG request body ''
7967. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7968. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7969. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7970. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7971. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7972. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7973. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7974. 2017-05-11T02:30:59Z DEBUG response status 204
7975. 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=EA35DCC523C01764F8D62E11D499A02D; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
7976. 2017-05-11T02:30:59Z DEBUG response body ''
7977. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
7978. 2017-05-11T02:30:59Z DEBUG request body ''
7979. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7980. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7981. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7982. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7983. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7984. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7985. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7986. 2017-05-11T02:30:59Z DEBUG response status 200
7987. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=5E5DBE138D6E4A3CED0DD7F3E48754DD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
7988. 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
7989. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
7990. 2017-05-11T02:30:59Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Authentication key\nenable=true\nenableBy=admin\nname=Token User Delegate Authentication Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.name=\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateAuthKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
7991. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
7992. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
7993. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
7994. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
7995. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
7996. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
7997. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
7998. 2017-05-11T02:30:59Z DEBUG response status 409
7999. 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
8000. 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
8001. 2017-05-11T02:30:59Z DEBUG Error migrating 'caTokenUserDelegateAuthKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
8002. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserDelegateAuthKeyEnrollment?action=enable
8003. 2017-05-11T02:30:59Z DEBUG request body ''
8004. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8005. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8006. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8007. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8008. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8009. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8010. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8011. 2017-05-11T02:30:59Z DEBUG response status 500
8012. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'text/html;charset=utf-8'}
8013. 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
8014. 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
8015. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
8016. 2017-05-11T02:30:59Z DEBUG request body ''
8017. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8018. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8019. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8020. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8021. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8022. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8023. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8024. 2017-05-11T02:30:59Z DEBUG response status 204
8025. 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=C1916DFA4FC116820634D4E5C602FF95; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
8026. 2017-05-11T02:30:59Z DEBUG response body ''
8027. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
8028. 2017-05-11T02:30:59Z DEBUG request body ''
8029. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8030. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8031. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8032. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8033. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8034. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8035. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8036. 2017-05-11T02:30:59Z DEBUG response status 200
8037. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=FEA91CD2AE13E69C171FB9D197219DBB; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
8038. 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
8039. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
8040. 2017-05-11T02:30:59Z DEBUG request body 'desc=This profile is for enrolling Token User Delegate Signing key\nenable=true\nenableBy=admin\nname=Token User Delegate Signing Certificate Enrollment\nvisible=false\nauth.instance_id=AgentCertAuth\ninput.list=i1,i2,i3\ninput.i1.class_id=nsNKeyCertReqInputImpl\ninput.i1.name=nsNKeyCertReqInputImpl\ninput.i2.class_id=subjectDNInputImpl\ninput.i2.name=subjectDNInputImpl\ninput.i3.class_id=subjectAltNameExtInputImpl\ninput.i3.name=subjectAltNameExtInputImpl\noutput.list=o1\noutput.o1.class_id=nsNKeyOutputImpl\noutput.o1.name=nsNKeyOutputImpl\npolicyset.list=set1\n#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14\npolicyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12\npolicyset.set1.p1.constraint.class_id=subjectNameConstraintImpl\npolicyset.set1.p1.constraint.name=Subject Name Constraint\npolicyset.set1.p1.constraint.params.pattern=.*\npolicyset.set1.p1.constraint.params.accept=true\npolicyset.set1.p1.default.class_id=userSubjectNameDefaultImpl\npolicyset.set1.p1.default.name=Subject Name Default\npolicyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User\n#changed ldap.enable to true to support SMIME\npolicyset.set1.p1.default.params.ldap.enable=false\npolicyset.set1.p1.default.params.ldap.searchName=uid\npolicyset.set1.p1.default.params.ldapStringAttributes=uid,mail\npolicyset.set1.p1.default.params.ldap.basedn=\npolicyset.set1.p1.default.params.ldap.maxConns=4\npolicyset.set1.p1.default.params.ldap.minConns=1\npolicyset.set1.p1.default.params.ldap.ldapconn.Version=2\npolicyset.set1.p1.default.params.ldap.ldapconn.host=\npolicyset.set1.p1.default.params.ldap.ldapconn.port=\npolicyset.set1.p1.default.params.ldap.ldapconn.secureConn=false\npolicyset.set1.p2.constraint.class_id=noConstraintImpl\npolicyset.set1.p2.constraint.name=No Constraint\npolicyset.set1.p2.default.class_id=validityDefaultImpl\npolicyset.set1.p2.default.name=Validity Default\npolicyset.set1.p2.default.params.range=1825\npolicyset.set1.p2.default.params.startTime=0\npolicyset.set1.p4.constraint.class_id=noConstraintImpl\npolicyset.set1.p4.constraint.name=No Constraint\npolicyset.set1.p4.default.class_id=signingAlgDefaultImpl\npolicyset.set1.p4.default.name=Signing Algorithm Default\npolicyset.set1.p4.default.params.signingAlg=-\npolicyset.set1.p5.constraint.class_id=noConstraintImpl\npolicyset.set1.p5.constraint.name=No Constraint\npolicyset.set1.p5.default.class_id=keyUsageExtDefaultImpl\npolicyset.set1.p5.default.name=Key Usage Extension Default\npolicyset.set1.p5.default.params.keyUsageCritical=true\npolicyset.set1.p5.default.params.keyUsageCrlSign=false\npolicyset.set1.p5.default.params.keyUsageDataEncipherment=false\npolicyset.set1.p5.default.params.keyUsageDecipherOnly=false\npolicyset.set1.p5.default.params.keyUsageDigitalSignature=true\npolicyset.set1.p5.default.params.keyUsageEncipherOnly=false\npolicyset.set1.p5.default.params.keyUsageKeyAgreement=false\npolicyset.set1.p5.default.params.keyUsageKeyCertSign=false\npolicyset.set1.p5.default.params.keyUsageKeyEncipherment=false\npolicyset.set1.p5.default.params.keyUsageNonRepudiation=true\npolicyset.set1.p6.constraint.class_id=noConstraintImpl\npolicyset.set1.p6.constraint.name=No Constraint\npolicyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl\npolicyset.set1.p6.default.name=Subject Alternative Name Extension Default\npolicyset.set1.p6.default.params.subjAltExtGNEnable_0=true\npolicyset.set1.p6.default.params.subjAltExtGNEnable_1=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_2=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_3=false\npolicyset.set1.p6.default.params.subjAltExtGNEnable_4=false\npolicyset.set1.p6.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$\npolicyset.set1.p6.default.params.subjAltExtPattern_1=\npolicyset.set1.p6.default.params.subjAltExtPattern_2=\npolicyset.set1.p6.default.params.subjAltExtPattern_3=\npolicyset.set1.p6.default.params.subjAltExtPattern_4=\npolicyset.set1.p6.default.params.subjAltExtType_0=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_1=OtherName\npolicyset.set1.p6.default.params.subjAltExtType_2=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_3=RFC822Name\npolicyset.set1.p6.default.params.subjAltExtType_4=RFC822Name\npolicyset.set1.p6.default.params.subjAltNameExtCritical=false\npolicyset.set1.p6.default.params.subjAltNameNumGNs=1\npolicyset.set1.p7.constraint.class_id=noConstraintImpl\npolicyset.set1.p7.constraint.name=No Constraint\npolicyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl\npolicyset.set1.p7.default.name=Certificate Policies Extension Default\npolicyset.set1.p7.default.params.Critical=false\npolicyset.set1.p7.default.params.PoliciesExt.num=5\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=\npolicyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=\npolicyset.set1.p8.constraint.class_id=noConstraintImpl\npolicyset.set1.p8.constraint.name=No Constraint\npolicyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.set1.p8.default.name=Subject Key Identifier Default\npolicyset.set1.p9.constraint.class_id=noConstraintImpl\npolicyset.set1.p9.constraint.name=No Constraint\npolicyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.set1.p9.default.name=Authority Key Identifier Extension Default\npolicyset.set1.10.constraint.class_id=renewGracePeriodConstraintImpl\npolicyset.set1.10.constraint.name=Renewal Grace Period Constraint\npolicyset.set1.10.constraint.params.renewal.graceBefore=30\npolicyset.set1.10.constraint.params.renewal.graceAfter=30\npolicyset.set1.10.default.class_id=noDefaultImpl\npolicyset.set1.10.default.name=No Default\npolicyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl\npolicyset.set1.p12.constraint.name=Basic Constraints Extension Constraint\npolicyset.set1.p12.constraint.params.basicConstraintsCritical=-\npolicyset.set1.p12.constraint.params.basicConstraintsIsCA=-\npolicyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1\npolicyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1\npolicyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl\npolicyset.set1.p12.default.name=Basic Constraints Extension Default\npolicyset.set1.p12.default.params.basicConstraintsCritical=false\npolicyset.set1.p12.default.params.basicConstraintsIsCA=false\npolicyset.set1.p12.default.params.basicConstraintsPathLen=-1\npolicyset.set1.p13.constraint.class_id=noConstraintImpl\npolicyset.set1.p13.constraint.name=No Constraint\npolicyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl\npolicyset.set1.p13.default.params.crlDistPointsCritical=false\npolicyset.set1.p13.default.params.crlDistPointsNum=1\npolicyset.set1.p13.default.params.crlDistPointsEnable_0=false\npolicyset.set1.p13.default.params.crlDistPointsIssuerName_0=\npolicyset.set1.p13.default.params.crlDistPointsIssuerType_0=\npolicyset.set1.p13.default.params.crlDistPointsPointName_0=\npolicyset.set1.p13.default.params.crlDistPointsPointType_0=URIName\npolicyset.set1.p13.default.params.crlDistPointsReasons_0=\npolicyset.set1.p14.constraint.class_id=noConstraintImpl\npolicyset.set1.p14.constraint.name=No Constraint\npolicyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.set1.p14.default.name=AIA Extension Default\npolicyset.set1.p14.default.params.authInfoAccessADEnable_0=false\npolicyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.set1.p14.default.params.authInfoAccessADLocation_0=\npolicyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.set1.p14.default.params.authInfoAccessCritical=false\npolicyset.set1.p14.default.params.authInfoAccessNumADs=1\nprofileId=caTokenUserDelegateSigningKeyEnrollment\nclassId=caUserCertEnrollImpl\n'
8041. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8042. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8043. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8044. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8045. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8046. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8047. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8048. 2017-05-11T02:30:59Z DEBUG response status 409
8049. 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
8050. 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
8051. 2017-05-11T02:30:59Z DEBUG Error migrating 'caTokenUserDelegateSigningKeyEnrollment': Non-2xx response from CA REST API: 409. Profile already exists
8052. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caTokenUserDelegateSigningKeyEnrollment?action=enable
8053. 2017-05-11T02:30:59Z DEBUG request body ''
8054. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8055. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8056. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8057. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8058. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8059. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8060. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8061. 2017-05-11T02:30:59Z DEBUG response status 500
8062. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '6208', 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection': 'close', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'text/html;charset=utf-8'}
8063. 2017-05-11T02:30:59Z DEBUG response body '<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.jboss.resteasy.spi.UnhandledException: org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:157)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>root cause</b> <pre>org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: com.netscape.certsrv.base.PKIException$Data of media type: application/x-www-form-urlencoded\n\torg.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(ServerResponseWriter.java:67)\n\torg.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:153)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)\n\torg.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\torg.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)\n\torg.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)\n\tjavax.servlet.http.HttpServlet.service(HttpServlet.java:731)\n\tsun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:175)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\torg.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tsun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)\n\tsun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tjava.lang.reflect.Method.invoke(Method.java:498)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:288)\n\torg.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:285)\n\tjava.security.AccessController.doPrivileged(Native Method)\n\tjavax.security.auth.Subject.doAsPrivileged(Subject.java:549)\n\torg.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:320)\n\torg.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:260)\n</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.69 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>'
8064. 2017-05-11T02:30:59Z DEBUG Failed to enable profile '%s' (it is probably already enabled)
8065. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
8066. 2017-05-11T02:30:59Z DEBUG request body ''
8067. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8068. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8069. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8070. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8071. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8072. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8073. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8074. 2017-05-11T02:30:59Z DEBUG response status 204
8075. 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=4CA5D5654D25030CFA8BA994A4E39630; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
8076. 2017-05-11T02:30:59Z DEBUG response body ''
8077. 2017-05-11T02:30:59Z DEBUG duration: 6 seconds
8078. 2017-05-11T02:30:59Z DEBUG [28/31]: importing IPA certificate profiles
8079. 2017-05-11T02:30:59Z DEBUG Created connection context.ldap2_83905744
8080. 2017-05-11T02:30:59Z DEBUG Created connection context.ldap2_85558352
8081. 2017-05-11T02:30:59Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8082. 2017-05-11T02:30:59Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x753ee18>
8083. 2017-05-11T02:30:59Z DEBUG Destroyed connection context.ldap2_85558352
8084. 2017-05-11T02:30:59Z DEBUG Created connection context.ldap2_85557968
8085. 2017-05-11T02:30:59Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8086. 2017-05-11T02:30:59Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x747a248>
8087. 2017-05-11T02:30:59Z DEBUG Destroyed connection context.ldap2_85557968
8088. 2017-05-11T02:30:59Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8089. 2017-05-11T02:30:59Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7320128>
8090. 2017-05-11T02:30:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
8091. 2017-05-11T02:30:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
8092. 2017-05-11T02:30:59Z DEBUG Trying to find certificate subject base in sysupgrade
8093. 2017-05-11T02:30:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
8094. 2017-05-11T02:30:59Z DEBUG Found certificate subject base in sysupgrade: O=RDLG.NET
8095. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
8096. 2017-05-11T02:30:59Z DEBUG request body ''
8097. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8098. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8099. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8100. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8101. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8102. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8103. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8104. 2017-05-11T02:30:59Z DEBUG response status 200
8105. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=21942F71E553053C62DEEABB57B52EDF; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
8106. 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
8107. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
8108. 2017-05-11T02:30:59Z DEBUG request body 'profileId=IECUserRoles\nclassId=caEnrollImpl\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\n'
8109. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8110. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8111. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8112. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8113. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8114. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8115. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8116. 2017-05-11T02:30:59Z DEBUG response status 201
8117. 2017-05-11T02:30:59Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-length': '7318', 'content-type': 'application/json', 'location': 'https://ipa.rdlg.net:8443/ca/rest/profiles/raw', 'server': 'Apache-Coyote/1.1'}
8118. 2017-05-11T02:30:59Z DEBUG response body '#Wed May 10 20:30:59 MDT 2017\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=Enroll user certificates with IECUserRoles extension via IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11,12\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.12.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.12.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.12.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.12.default.params.userExtOID=1.2.840.10070.8.1\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.12.default.name=IECUserRoles Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\n'
8119. 2017-05-11T02:30:59Z INFO Profile 'IECUserRoles' successfully migrated to LDAP
8120. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/IECUserRoles?action=enable
8121. 2017-05-11T02:30:59Z DEBUG request body ''
8122. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8123. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8124. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8125. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8126. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8127. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8128. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8129. 2017-05-11T02:30:59Z DEBUG response status 204
8130. 2017-05-11T02:30:59Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
8131. 2017-05-11T02:30:59Z DEBUG response body ''
8132. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
8133. 2017-05-11T02:30:59Z DEBUG request body ''
8134. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8135. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8136. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8137. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8138. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8139. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8140. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8141. 2017-05-11T02:30:59Z DEBUG response status 204
8142. 2017-05-11T02:30:59Z DEBUG response headers {'set-cookie': 'JSESSIONID=00F7BF6530451CBFBCA82ED0AA9660E8; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
8143. 2017-05-11T02:30:59Z DEBUG response body ''
8144. 2017-05-11T02:30:59Z INFO Imported profile 'IECUserRoles'
8145. 2017-05-11T02:30:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
8146. 2017-05-11T02:30:59Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
8147. 2017-05-11T02:30:59Z DEBUG Trying to find certificate subject base in sysupgrade
8148. 2017-05-11T02:30:59Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
8149. 2017-05-11T02:30:59Z DEBUG Found certificate subject base in sysupgrade: O=RDLG.NET
8150. 2017-05-11T02:30:59Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
8151. 2017-05-11T02:30:59Z DEBUG request body ''
8152. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8153. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8154. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8155. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8156. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8157. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8158. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8159. 2017-05-11T02:30:59Z DEBUG response status 200
8160. 2017-05-11T02:30:59Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=3A15D74952FE9E0184B4202C7FF0AB85; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
8161. 2017-05-11T02:30:59Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
8162. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/raw
8163. 2017-05-11T02:30:59Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n'
8164. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8165. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8166. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8167. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8168. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8169. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8170. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8171. 2017-05-11T02:30:59Z DEBUG response status 409
8172. 2017-05-11T02:30:59Z DEBUG response headers {'transfer-encoding': 'chunked', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/json', 'server': 'Apache-Coyote/1.1'}
8173. 2017-05-11T02:30:59Z DEBUG response body '{"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.ConflictingOperationException","Code":409,"Message":"Profile already exists"}'
8174. 2017-05-11T02:30:59Z DEBUG Error migrating 'caIPAserviceCert': Non-2xx response from CA REST API: 409. Profile already exists
8175. 2017-05-11T02:30:59Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert?action=disable
8176. 2017-05-11T02:30:59Z DEBUG request body ''
8177. 2017-05-11T02:30:59Z DEBUG NSSConnection init ipa.rdlg.net
8178. 2017-05-11T02:30:59Z DEBUG Connecting: 172.20.0.200:0
8179. 2017-05-11T02:30:59Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8180. 2017-05-11T02:30:59Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8181. 2017-05-11T02:30:59Z DEBUG handshake complete, peer = 172.20.0.200:8443
8182. 2017-05-11T02:30:59Z DEBUG Protocol: TLS1.2
8183. 2017-05-11T02:30:59Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8184. 2017-05-11T02:31:00Z DEBUG response status 204
8185. 2017-05-11T02:31:00Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
8186. 2017-05-11T02:31:00Z DEBUG response body ''
8187. 2017-05-11T02:31:00Z DEBUG request PUT https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert/raw
8188. 2017-05-11T02:31:00Z DEBUG request body 'profileId=caIPAserviceCert\nclassId=caEnrollImpl\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\nvisible=false\nenable=true\nenableBy=admin\nauth.instance_id=raCertAuth\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\ninput.list=i1,i2\ninput.i1.class_id=certReqInputImpl\ninput.i2.class_id=submitterInfoInputImpl\noutput.list=o1\noutput.o1.class_id=certOutputImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\n'
8189. 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
8190. 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
8191. 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8192. 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8193. 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
8194. 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
8195. 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8196. 2017-05-11T02:31:00Z DEBUG response status 200
8197. 2017-05-11T02:31:00Z DEBUG response headers {'content-length': '6993', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/json'}
8198. 2017-05-11T02:31:00Z DEBUG response body '#Wed May 10 20:31:00 MDT 2017\npolicyset.serverCertSet.4.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.5.default.params.authInfoAccessCritical=false\npolicyset.serverCertSet.2.default.params.range=731\npolicyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2\ninput.i2.class_id=submitterInfoInputImpl\nauth.instance_id=raCertAuth\npolicyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true\noutput.o1.class_id=certOutputImpl\npolicyset.serverCertSet.11.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default\npolicyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false\npolicyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsCritical=false\npolicyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl\npolicyset.serverCertSet.3.constraint.name=Key Constraint\npolicyset.serverCertSet.3.constraint.params.keyType=RSA\npolicyset.serverCertSet.2.constraint.params.range=740\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false\npolicyset.serverCertSet.9.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageCritical=true\noutput.list=o1\npolicyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1\npolicyset.serverCertSet.9.default.params.crlDistPointsNum=1\npolicyset.serverCertSet.11.default.name=User Supplied Extension Default\ninput.list=i1,i2\npolicyset.serverCertSet.3.default.name=Key Default\npolicyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false\npolicyset.serverCertSet.2.constraint.class_id=validityConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false\nvisible=false\npolicyset.serverCertSet.9.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true\npolicyset.serverCertSet.10.default.name=Subject Key Identifier Extension Default\ndesc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.\npolicyset.serverCertSet.8.default.name=Signing Alg\npolicyset.serverCertSet.2.constraint.name=Validity Constraint\npolicyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName\npolicyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl\npolicyset.serverCertSet.11.default.params.userExtOID=2.5.29.17\npolicyset.serverCertSet.8.constraint.name=No Constraint\npolicyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false\npolicyset.serverCertSet.10.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.5.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.1.constraint.name=Subject Name Constraint\npolicyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://ipa-ca.rdlg.net/ipa/crl/MasterCRL.bin\npolicyset.serverCertSet.5.default.params.authInfoAccessNumADs=1\npolicyset.serverCertSet.2.default.name=Validity Default\npolicyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl\nenable=true\npolicyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+\npolicyset.serverCertSet.10.default.class_id=subjectKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl\npolicyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate Authority,o=ipaca\npolicyset.serverCertSet.2.constraint.params.notAfterCheck=false\npolicyset.serverCertSet.7.default.name=Extended Key Usage Extension Default\npolicyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true\ninput.i1.class_id=certReqInputImpl\nenableBy=admin\npolicyset.serverCertSet.7.constraint.name=No Constraint\npolicyset.serverCertSet.10.default.params.critical=false\npolicyset.serverCertSet.list=1,2,3,4,5,6,7,8,9,10,11\npolicyset.serverCertSet.1.default.name=Subject Name Default\npolicyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint\npolicyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl\npolicyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl\nname=IPA-RA Agent-Authenticated Server Certificate Enrollment\npolicyset.serverCertSet.4.constraint.class_id=noConstraintImpl\npolicyset.serverCertSet.11.default.class_id=userExtensionDefaultImpl\npolicyset.serverCertSet.2.default.class_id=validityDefaultImpl\npolicyset.serverCertSet.9.default.params.crlDistPointsReasons_0=\npolicyset.serverCertSet.6.default.name=Key Usage Default\npolicyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true\npolicyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl\npolicyset.serverCertSet.6.default.params.keyUsageCritical=true\npolicyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\npolicyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, O=RDLG.NET\npolicyset.serverCertSet.3.default.class_id=userKeyDefaultImpl\npolicyset.serverCertSet.8.default.params.signingAlg=-\npolicyset.serverCertSet.2.default.params.startTime=0\npolicyset.serverCertSet.7.constraint.class_id=noConstraintImpl\npolicyset.list=serverCertSet\npolicyset.serverCertSet.5.constraint.name=No Constraint\npolicyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true\npolicyset.serverCertSet.2.constraint.params.notBeforeCheck=false\npolicyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false\npolicyset.serverCertSet.7.default.params.exKeyUsageCritical=false\npolicyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName\npolicyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true\npolicyset.serverCertSet.5.default.name=AIA Extension Default\npolicyset.serverCertSet.11.constraint.name=No Constraint\npolicyset.serverCertSet.3.constraint.class_id=keyConstraintImpl\npolicyset.serverCertSet.6.default.params.keyUsageCrlSign=false\npolicyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName\npolicyset.serverCertSet.4.default.name=Authority Key Identifier Default\npolicyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl\npolicyset.serverCertSet.10.constraint.name=No Constraint\npolicyset.serverCertSet.1.constraint.params.accept=true\npolicyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=http://ipa-ca.rdlg.net/ca/ocsp\n'
8199. 2017-05-11T02:31:00Z DEBUG request POST https://ipa.rdlg.net:8443/ca/rest/profiles/caIPAserviceCert?action=enable
8200. 2017-05-11T02:31:00Z DEBUG request body ''
8201. 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
8202. 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
8203. 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8204. 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8205. 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
8206. 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
8207. 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8208. 2017-05-11T02:31:00Z DEBUG response status 204
8209. 2017-05-11T02:31:00Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/x-www-form-urlencoded', 'server': 'Apache-Coyote/1.1'}
8210. 2017-05-11T02:31:00Z DEBUG response body ''
8211. 2017-05-11T02:31:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
8212. 2017-05-11T02:31:00Z DEBUG request body ''
8213. 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
8214. 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
8215. 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8216. 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8217. 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
8218. 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
8219. 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8220. 2017-05-11T02:31:00Z DEBUG response status 204
8221. 2017-05-11T02:31:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=612EA2986DFE7F674877A00983A19CDD; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:30:59 GMT', 'content-type': 'application/xml'}
8222. 2017-05-11T02:31:00Z DEBUG response body ''
8223. 2017-05-11T02:31:00Z INFO Imported profile 'caIPAserviceCert'
8224. 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_83905744
8225. 2017-05-11T02:31:00Z DEBUG duration: 0 seconds
8226. 2017-05-11T02:31:00Z DEBUG [29/31]: adding default CA ACL
8227. 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_50539920
8228. 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_83498192
8229. 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8230. 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x517e908>
8231. 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_83498192
8232. 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_85558160
8233. 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8234. 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x50d8d40>
8235. 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_85558160
8236. 2017-05-11T02:31:00Z DEBUG raw: caacl_find(None, version=u'2.213')
8237. 2017-05-11T02:31:00Z DEBUG caacl_find(None, all=False, raw=False, version=u'2.213', no_members=True, pkey_only=False)
8238. 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8239. 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x22649e0>
8240. 2017-05-11T02:31:00Z DEBUG raw: caacl_add(u'hosts_services_caIPAserviceCert', hostcategory=u'all', servicecategory=u'all', version=u'2.213')
8241. 2017-05-11T02:31:00Z DEBUG caacl_add(u'hosts_services_caIPAserviceCert', hostcategory=u'all', servicecategory=u'all', all=False, raw=False, version=u'2.213', no_members=False)
8242. 2017-05-11T02:31:00Z DEBUG raw: caacl_add_profile(u'hosts_services_caIPAserviceCert', version=u'2.213', certprofile=(u'caIPAserviceCert',))
8243. 2017-05-11T02:31:00Z DEBUG caacl_add_profile(u'hosts_services_caIPAserviceCert', all=False, raw=False, version=u'2.213', no_members=False, certprofile=(u'caIPAserviceCert',))
8244. 2017-05-11T02:31:00Z DEBUG add_entry_to_group: dn=cn=caIPAserviceCert,cn=certprofiles,cn=ca,dc=rdlg,dc=net group_dn=ipaUniqueID=df34f9fa-35f1-11e7-9f69-0050568f60a6,cn=caacls,cn=ca,dc=rdlg,dc=net member_attr=ipamembercertprofile
8245. 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_50539920
8246. 2017-05-11T02:31:00Z DEBUG duration: 0 seconds
8247. 2017-05-11T02:31:00Z DEBUG [30/31]: adding 'ipa' CA entry
8248. 2017-05-11T02:31:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/login
8249. 2017-05-11T02:31:00Z DEBUG request body ''
8250. 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
8251. 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
8252. 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8253. 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8254. 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
8255. 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
8256. 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8257. 2017-05-11T02:31:00Z DEBUG response status 200
8258. 2017-05-11T02:31:00Z DEBUG response headers {'content-length': '218', 'set-cookie': 'JSESSIONID=BE20BBD3EB6FF30E91831E0F9127762A; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:31:00 GMT', 'content-type': 'application/xml'}
8259. 2017-05-11T02:31:00Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Account id="ipara"><Attributes/><FullName>ipara</FullName><Roles><Role>Certificate Manager Agents</Role><Role>Registration Manager Agents</Role></Roles></Account>'
8260. 2017-05-11T02:31:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/authorities/host-authority
8261. 2017-05-11T02:31:00Z DEBUG request body ''
8262. 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
8263. 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
8264. 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8265. 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8266. 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
8267. 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
8268. 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8269. 2017-05-11T02:31:00Z DEBUG response status 200
8270. 2017-05-11T02:31:00Z DEBUG response headers {'transfer-encoding': 'chunked', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:31:00 GMT', 'content-type': 'application/json'}
8271. 2017-05-11T02:31:00Z DEBUG response body '{"isHostAuthority":true,"id":"c170e458-b0c1-4298-8017-1b001e1d4d39","parentID":null,"issuerDN":"CN=Certificate Authority,O=RDLG.NET","serial":1,"dn":"CN=Certificate Authority,O=RDLG.NET","enabled":true,"description":"Host authority","ready":true,"link":null}'
8272. 2017-05-11T02:31:00Z DEBUG request GET https://ipa.rdlg.net:8443/ca/rest/account/logout
8273. 2017-05-11T02:31:00Z DEBUG request body ''
8274. 2017-05-11T02:31:00Z DEBUG NSSConnection init ipa.rdlg.net
8275. 2017-05-11T02:31:00Z DEBUG Connecting: 172.20.0.200:0
8276. 2017-05-11T02:31:00Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8277. 2017-05-11T02:31:00Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8278. 2017-05-11T02:31:00Z DEBUG handshake complete, peer = 172.20.0.200:8443
8279. 2017-05-11T02:31:00Z DEBUG Protocol: TLS1.2
8280. 2017-05-11T02:31:00Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8281. 2017-05-11T02:31:00Z DEBUG response status 204
8282. 2017-05-11T02:31:00Z DEBUG response headers {'set-cookie': 'JSESSIONID=3AEAE1DF36604D792C5B6B4A3E65640E; Path=/ca/; Secure; HttpOnly', 'expires': 'Wed, 31 Dec 1969 17:00:00 MST', 'server': 'Apache-Coyote/1.1', 'cache-control': 'private', 'date': 'Thu, 11 May 2017 02:31:00 GMT', 'content-type': 'application/xml'}
8283. 2017-05-11T02:31:00Z DEBUG response body ''
8284. 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_50539920
8285. 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_122102480
8286. 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8287. 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7491050>
8288. 2017-05-11T02:31:00Z DEBUG Destroyed connection context.ldap2_122102480
8289. 2017-05-11T02:31:00Z DEBUG Created connection context.ldap2_83382864
8290. 2017-05-11T02:31:00Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8291. 2017-05-11T02:31:00Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4f9bd88>
8292. 2017-05-11T02:31:01Z DEBUG Destroyed connection context.ldap2_83382864
8293. 2017-05-11T02:31:01Z DEBUG Destroyed connection context.ldap2_50539920
8294. 2017-05-11T02:31:01Z DEBUG duration: 0 seconds
8295. 2017-05-11T02:31:01Z DEBUG [31/31]: updating IPA configuration
8296. 2017-05-11T02:31:01Z DEBUG duration: 0 seconds
8297. 2017-05-11T02:31:01Z DEBUG Done configuring certificate server (pki-tomcatd).
8298. 2017-05-11T02:31:01Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
8299. 2017-05-11T02:31:01Z DEBUG Starting external process
8300. 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -f XXXXXXXX -L -n RDLG.NET IPA CA -a
8301. 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
8302. 2017-05-11T02:31:01Z DEBUG stdout=-----BEGIN CERTIFICATE-----
8303. MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
8304. Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
8305. Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
8306. BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
8307. ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
8308. LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
8309. 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
8310. mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
8311. a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
8312. eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
8313. gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
8314. /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
8315. AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
8316. c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
8317. 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
8318. 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
8319. 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
8320. uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
8321. /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
8322. -----END CERTIFICATE-----
8323.  
8324. 2017-05-11T02:31:01Z DEBUG stderr=
8325. 2017-05-11T02:31:01Z DEBUG Configuring directory server (dirsrv). Estimated time: 10 seconds
8326. 2017-05-11T02:31:01Z DEBUG [1/3]: configuring ssl for ds instance
8327. 2017-05-11T02:31:01Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
8328. 2017-05-11T02:31:01Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
8329. 2017-05-11T02:31:01Z DEBUG Starting external process
8330. 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -O -n ipaCert
8331. 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
8332. 2017-05-11T02:31:01Z DEBUG stdout="RDLG.NET IPA CA" [CN=Certificate Authority,O=RDLG.NET]
8333.  
8334. "ipaCert" [CN=IPA RA,O=RDLG.NET]
8335.  
8336.  
8337. 2017-05-11T02:31:01Z DEBUG stderr=
8338. 2017-05-11T02:31:01Z DEBUG Starting external process
8339. 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n RDLG.NET IPA CA -a
8340. 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
8341. 2017-05-11T02:31:01Z DEBUG stdout=-----BEGIN CERTIFICATE-----
8342. MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
8343. Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
8344. Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
8345. BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
8346. ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
8347. LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
8348. 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
8349. mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
8350. a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
8351. eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
8352. gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
8353. /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
8354. AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
8355. c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
8356. 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
8357. 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
8358. 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
8359. uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
8360. /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
8361. -----END CERTIFICATE-----
8362.  
8363. 2017-05-11T02:31:01Z DEBUG stderr=
8364. 2017-05-11T02:31:01Z DEBUG Starting external process
8365. 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L -n RDLG.NET IPA CA -a
8366. 2017-05-11T02:31:01Z DEBUG Process finished, return code=255
8367. 2017-05-11T02:31:01Z DEBUG stdout=
8368. 2017-05-11T02:31:01Z DEBUG stderr=certutil: Could not find cert: RDLG.NET IPA CA
8369. : PR_FILE_NOT_FOUND_ERROR: File not found
8370.  
8371. 2017-05-11T02:31:01Z DEBUG Starting external process
8372. 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -N -f /etc/dirsrv/slapd-RDLG-NET//pwdfile.txt
8373. 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
8374. 2017-05-11T02:31:01Z DEBUG stdout=
8375. 2017-05-11T02:31:01Z DEBUG stderr=
8376. 2017-05-11T02:31:01Z DEBUG Starting external process
8377. 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -A -n RDLG.NET IPA CA -t CT,C,C -a
8378. 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
8379. 2017-05-11T02:31:01Z DEBUG stdout=
8380. 2017-05-11T02:31:01Z DEBUG stderr=
8381. 2017-05-11T02:31:01Z DEBUG Starting external process
8382. 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -R -s CN=ipa.rdlg.net,O=RDLG.NET -o /var/lib/ipa/ipa-93vgs6/tmpcertreq -k rsa -g 2048 -z /etc/dirsrv/slapd-RDLG-NET//noise.txt -f /etc/dirsrv/slapd-RDLG-NET//pwdfile.txt -a
8383. 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
8384. 2017-05-11T02:31:01Z DEBUG stdout=
8385. 2017-05-11T02:31:01Z DEBUG stderr=
8386.  
8387. Generating key. This may take a few moments...
8388.  
8389.  
8390. 2017-05-11T02:31:01Z DEBUG request POST https://ipa.rdlg.net:8443/ca/ee/ca/profileSubmitSSLClient
8391. 2017-05-11T02:31:01Z DEBUG request body 'profileId=caIPAserviceCert&requestor_name=IPA+Installer&cert_request=MIICbzCCAVcCAQAwKjERMA8GA1UEChMIUkRMRy5ORVQxFTATBgNVBAMTDGlwYS5y%0D%0AZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMgwaRm6Trb1%0D%0AlL%2B%2FFTUZjc20H%2BUWTjOnUsmuJkuALMdRkRnnJF2IsArm7nxxZavUvSRYw1i0ACcu%0D%0AkICy32Eb3q2lG3xFXzt9ZO%2F%2F5FTYSnR04DsM3uUPaVL9FiDtZDwnPsgPUKIuFXKb%0D%0Ac32bGmjAra3JP7TrzkowRZ8ZewXwRLcmmoT2tNvERrTndvFmnnxhXs5CNCvx308H%0D%0AyyYvRcgH14uAGnn8KdhidCDu0eyzpy3kDweyPfDW7aTqQbuoBvSftvVz9g0IxbOX%0D%0A%2BN8hbIjGN82i%2FryQoPeIvHShYAxVQ8Z%2BbPjCz%2Bz5j0l46m0pybH%2BMxMQEP%2BY456c%0D%0ARSfMHCPLkQ0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAJcP2zhNBx3EkMJv5K%0D%0Ac62goqGHKrS4r8CU%2F%2Fv8%2Fn2JS0m6F%2FvUa%2FV3WC0ymu0xcZZlDSDqa3t1xuV8wcrm%0D%0AUZrpP0J3sRl%2FyrFBWzxgqsX07wm%2BgHFFE%2BusVyWLNVABiEz1OsX6qYNPDIfwh%2FmR%0D%0A77Ngj49UKb3%2BbD%2FP%2BD3v4hjqrjxRYBpXQ%2BTtlNkYvJn%2Fc0ONjEIQHv2eD8exPaiR%0D%0A5Hx%2FA0WMViCnBRml6vCluCCs1ZDPQTu6%2B4TWZXAivUg8GkO2yRQSFKDxDtPioT9X%0D%0AfWFQuReF5ASMmhZSduO0DUt6glMXZxMI%2FnNCrhkQzKChvNsDnHu6VvA4LSYBVLL1%0D%0AX3tU%0A&cert_request_type=pkcs10&xmlOutput=true'
8392. 2017-05-11T02:31:01Z DEBUG NSSConnection init ipa.rdlg.net
8393. 2017-05-11T02:31:01Z DEBUG Connecting: 172.20.0.200:0
8394. 2017-05-11T02:31:01Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
8395. 2017-05-11T02:31:01Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
8396. 2017-05-11T02:31:01Z DEBUG handshake complete, peer = 172.20.0.200:8443
8397. 2017-05-11T02:31:01Z DEBUG Protocol: TLS1.2
8398. 2017-05-11T02:31:01Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
8399. 2017-05-11T02:31:01Z DEBUG response status 200
8400. 2017-05-11T02:31:01Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:31:01 GMT', 'content-length': '1599', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
8401. 2017-05-11T02:31:01Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><Requests><Request><Id>8</Id><SubjectDN>CN=ipa.rdlg.net,O=RDLG.NET</SubjectDN><serialno>8</serialno><b64>MIID/jCCAuagAwIBAgIBCDANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExHLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAyMzEwMVoXDTE5MDUxMjAyMzEwMVowKjERMA8GA1UECgwIUkRMRy5ORVQxFTATBgNVBAMMDGlwYS5yZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMgwaRm6Trb1lL+/FTUZjc20H+UWTjOnUsmuJkuALMdRkRnnJF2IsArm7nxxZavUvSRYw1i0ACcukICy32Eb3q2lG3xFXzt9ZO//5FTYSnR04DsM3uUPaVL9FiDtZDwnPsgPUKIuFXKbc32bGmjAra3JP7TrzkowRZ8ZewXwRLcmmoT2tNvERrTndvFmnnxhXs5CNCvx308HyyYvRcgH14uAGnn8KdhidCDu0eyzpy3kDweyPfDW7aTqQbuoBvSftvVz9g0IxbOX+N8hbIjGN82i/ryQoPeIvHShYAxVQ8Z+bPjCz+z5j0l46m0pybH+MxMQEP+Y456cRSfMHCPLkQ0CAwEAAaOCASQwggEgMB8GA1UdIwQYMBaAFMoUcnP4TmDj4h+ZfLwirZhDNd7zMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL2lwYS1jYS5yZGxnLm5ldC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwcwYDVR0fBGwwajBooDCgLoYsaHR0cDovL2lwYS1jYS5yZGxnLm5ldC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFO/ai4muEu3NIASl9/6y7+pL4J0xMA0GCSqGSIb3DQEBCwUAA4IBAQBlEg6LWNp8RFPgumvrJ/KHK7AY+P6BJQ8Zyk+6jfUVc6zuIuNT70Ri/BhAWeiimyfCsuNZMPQQCqeHC/sG4gQb1ICiahL9TdFHVZE6UoFTq/DEuDtzFUldUGj5Aan9BrVH36Z5MGzN4r2Hzf0DzmO02wxPpl9Y073rnF0/H4GmgAkrFrBwwmITsF448My+Q9q8sr4hh8qMdNhyDOgxfCH+fLu613be/r3EYiHvrGtwPDz02jmRIkMfWniDGuZop4LAsqoLfcAJu5oA8TCAijaUDgcm7+SyKl/QQDju2xZDrTjJfqMlymURQrI/CHj3kU7O7zDue2DMZRioLzJW5wLc</b64></Request></Requests></XMLResponse>'
8402. 2017-05-11T02:31:01Z DEBUG Starting external process
8403. 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -A -n Server-Cert -t u,u,u -i /var/lib/ipa/ipa-93vgs6/tmpcert.der -f /etc/dirsrv/slapd-RDLG-NET//pwdfile.txt
8404. 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
8405. 2017-05-11T02:31:01Z DEBUG stdout=
8406. 2017-05-11T02:31:01Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
8407.  
8408. 2017-05-11T02:31:01Z DEBUG Starting external process
8409. 2017-05-11T02:31:01Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L -n Server-Cert -a
8410. 2017-05-11T02:31:01Z DEBUG Process finished, return code=0
8411. 2017-05-11T02:31:01Z DEBUG stdout=-----BEGIN CERTIFICATE-----
8412. MIID/jCCAuagAwIBAgIBCDANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
8413. Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
8414. MzEwMVoXDTE5MDUxMjAyMzEwMVowKjERMA8GA1UECgwIUkRMRy5ORVQxFTATBgNV
8415. BAMMDGlwYS5yZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
8416. AMgwaRm6Trb1lL+/FTUZjc20H+UWTjOnUsmuJkuALMdRkRnnJF2IsArm7nxxZavU
8417. vSRYw1i0ACcukICy32Eb3q2lG3xFXzt9ZO//5FTYSnR04DsM3uUPaVL9FiDtZDwn
8418. PsgPUKIuFXKbc32bGmjAra3JP7TrzkowRZ8ZewXwRLcmmoT2tNvERrTndvFmnnxh
8419. Xs5CNCvx308HyyYvRcgH14uAGnn8KdhidCDu0eyzpy3kDweyPfDW7aTqQbuoBvSf
8420. tvVz9g0IxbOX+N8hbIjGN82i/ryQoPeIvHShYAxVQ8Z+bPjCz+z5j0l46m0pybH+
8421. MxMQEP+Y456cRSfMHCPLkQ0CAwEAAaOCASQwggEgMB8GA1UdIwQYMBaAFMoUcnP4
8422. TmDj4h+ZfLwirZhDNd7zMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0
8423. cDovL2lwYS1jYS5yZGxnLm5ldC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNV
8424. HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwcwYDVR0fBGwwajBooDCgLoYsaHR0
8425. cDovL2lwYS1jYS5yZGxnLm5ldC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAx
8426. DjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
8427. HQYDVR0OBBYEFO/ai4muEu3NIASl9/6y7+pL4J0xMA0GCSqGSIb3DQEBCwUAA4IB
8428. AQBlEg6LWNp8RFPgumvrJ/KHK7AY+P6BJQ8Zyk+6jfUVc6zuIuNT70Ri/BhAWeii
8429. myfCsuNZMPQQCqeHC/sG4gQb1ICiahL9TdFHVZE6UoFTq/DEuDtzFUldUGj5Aan9
8430. BrVH36Z5MGzN4r2Hzf0DzmO02wxPpl9Y073rnF0/H4GmgAkrFrBwwmITsF448My+
8431. Q9q8sr4hh8qMdNhyDOgxfCH+fLu613be/r3EYiHvrGtwPDz02jmRIkMfWniDGuZo
8432. p4LAsqoLfcAJu5oA8TCAijaUDgcm7+SyKl/QQDju2xZDrTjJfqMlymURQrI/CHj3
8433. kU7O7zDue2DMZRioLzJW5wLc
8434. -----END CERTIFICATE-----
8435.  
8436. 2017-05-11T02:31:01Z DEBUG stderr=
8437. 2017-05-11T02:31:02Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
8438. 2017-05-11T02:31:02Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x5181878>
8439. 2017-05-11T02:31:02Z DEBUG duration: 1 seconds
8440. 2017-05-11T02:31:02Z DEBUG [2/3]: restarting directory server
8441. 2017-05-11T02:31:02Z DEBUG Starting external process
8442. 2017-05-11T02:31:02Z DEBUG args=/bin/systemctl --system daemon-reload
8443. 2017-05-11T02:31:02Z DEBUG Process finished, return code=0
8444. 2017-05-11T02:31:02Z DEBUG stdout=
8445. 2017-05-11T02:31:02Z DEBUG stderr=
8446. 2017-05-11T02:31:02Z DEBUG Starting external process
8447. 2017-05-11T02:31:02Z DEBUG args=/bin/systemctl restart dirsrv@RDLG-NET.service
8448. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8449. 2017-05-11T02:31:05Z DEBUG stdout=
8450. 2017-05-11T02:31:05Z DEBUG stderr=
8451. 2017-05-11T02:31:05Z DEBUG Starting external process
8452. 2017-05-11T02:31:05Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
8453. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8454. 2017-05-11T02:31:05Z DEBUG stdout=active
8455.  
8456. 2017-05-11T02:31:05Z DEBUG stderr=
8457. 2017-05-11T02:31:05Z DEBUG wait_for_open_ports: localhost [389] timeout 300
8458. 2017-05-11T02:31:05Z DEBUG Starting external process
8459. 2017-05-11T02:31:05Z DEBUG args=/bin/systemctl is-active dirsrv@RDLG-NET.service
8460. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8461. 2017-05-11T02:31:05Z DEBUG stdout=active
8462.  
8463. 2017-05-11T02:31:05Z DEBUG stderr=
8464. 2017-05-11T02:31:05Z DEBUG duration: 3 seconds
8465. 2017-05-11T02:31:05Z DEBUG [3/3]: adding CA certificate entry
8466. 2017-05-11T02:31:05Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
8467. 2017-05-11T02:31:05Z DEBUG Starting external process
8468. 2017-05-11T02:31:05Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L
8469. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8470. 2017-05-11T02:31:05Z DEBUG stdout=
8471. Certificate Nickname Trust Attributes
8472. SSL,S/MIME,JAR/XPI
8473.  
8474. Server-Cert u,u,u
8475. RDLG.NET IPA CA CT,C,C
8476.  
8477. 2017-05-11T02:31:05Z DEBUG stderr=
8478. 2017-05-11T02:31:05Z DEBUG Starting external process
8479. 2017-05-11T02:31:05Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -O -n RDLG.NET IPA CA
8480. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8481. 2017-05-11T02:31:05Z DEBUG stdout="RDLG.NET IPA CA" [CN=Certificate Authority,O=RDLG.NET]
8482.  
8483.  
8484. 2017-05-11T02:31:05Z DEBUG stderr=
8485. 2017-05-11T02:31:05Z DEBUG Starting external process
8486. 2017-05-11T02:31:05Z DEBUG args=/usr/bin/certutil -d /etc/dirsrv/slapd-RDLG-NET/ -L -n RDLG.NET IPA CA -a
8487. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8488. 2017-05-11T02:31:05Z DEBUG stdout=-----BEGIN CERTIFICATE-----
8489. MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
8490. Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
8491. Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
8492. BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
8493. ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
8494. LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
8495. 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
8496. mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
8497. a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
8498. eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
8499. gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
8500. /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
8501. AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
8502. c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
8503. 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
8504. 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
8505. 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
8506. uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
8507. /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
8508. -----END CERTIFICATE-----
8509.  
8510. 2017-05-11T02:31:05Z DEBUG stderr=
8511. 2017-05-11T02:31:05Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
8512. 2017-05-11T02:31:05Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7493248>
8513. 2017-05-11T02:31:05Z DEBUG duration: 0 seconds
8514. 2017-05-11T02:31:05Z DEBUG Done configuring directory server (dirsrv).
8515. 2017-05-11T02:31:05Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
8516. 2017-05-11T02:31:05Z DEBUG Starting external process
8517. 2017-05-11T02:31:05Z DEBUG args=keyctl get_persistent @s 0
8518. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8519. 2017-05-11T02:31:05Z DEBUG stdout=639120935
8520.  
8521. 2017-05-11T02:31:05Z DEBUG stderr=
8522. 2017-05-11T02:31:05Z DEBUG Enabling persistent keyring CCACHE
8523. 2017-05-11T02:31:05Z DEBUG Starting external process
8524. 2017-05-11T02:31:05Z DEBUG args=/bin/systemctl is-active krb5kdc.service
8525. 2017-05-11T02:31:05Z DEBUG Process finished, return code=3
8526. 2017-05-11T02:31:05Z DEBUG stdout=unknown
8527.  
8528. 2017-05-11T02:31:05Z DEBUG stderr=
8529. 2017-05-11T02:31:05Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
8530. 2017-05-11T02:31:05Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
8531. 2017-05-11T02:31:05Z DEBUG Starting external process
8532. 2017-05-11T02:31:05Z DEBUG args=/bin/systemctl stop krb5kdc.service
8533. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8534. 2017-05-11T02:31:05Z DEBUG stdout=
8535. 2017-05-11T02:31:05Z DEBUG stderr=
8536. 2017-05-11T02:31:05Z DEBUG Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
8537. 2017-05-11T02:31:05Z DEBUG [1/9]: adding kerberos container to the directory
8538. 2017-05-11T02:31:05Z DEBUG Starting external process
8539. 2017-05-11T02:31:05Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpXt6UCm -H ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket -x -D cn=Directory Manager -y /tmp/tmpcFAcM2
8540. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8541. 2017-05-11T02:31:05Z DEBUG stdout=add objectClass:
8542. krbContainer
8543. top
8544. add cn:
8545. kerberos
8546. adding new entry "cn=kerberos,dc=rdlg,dc=net"
8547. modify complete
8548.  
8549. add cn:
8550. RDLG.NET
8551. add objectClass:
8552. top
8553. krbrealmcontainer
8554. krbticketpolicyaux
8555. add krbSubTrees:
8556. dc=rdlg,dc=net
8557. add krbSearchScope:
8558. 2
8559. add krbSupportedEncSaltTypes:
8560. aes256-cts:normal
8561. aes256-cts:special
8562. aes128-cts:normal
8563. aes128-cts:special
8564. des3-hmac-sha1:normal
8565. des3-hmac-sha1:special
8566. arcfour-hmac:normal
8567. arcfour-hmac:special
8568. camellia128-cts-cmac:normal
8569. camellia128-cts-cmac:special
8570. camellia256-cts-cmac:normal
8571. camellia256-cts-cmac:special
8572. add krbMaxTicketLife:
8573. 86400
8574. add krbMaxRenewableAge:
8575. 604800
8576. add krbDefaultEncSaltTypes:
8577. aes256-cts:special
8578. aes128-cts:special
8579. adding new entry "cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net"
8580. modify complete
8581.  
8582. add objectClass:
8583. top
8584. nsContainer
8585. krbPwdPolicy
8586. add krbMinPwdLife:
8587. 3600
8588. add krbPwdMinDiffChars:
8589. 0
8590. add krbPwdMinLength:
8591. 8
8592. add krbPwdHistoryLength:
8593. 0
8594. add krbMaxPwdLife:
8595. 7776000
8596. add krbPwdMaxFailure:
8597. 6
8598. add krbPwdFailureCountInterval:
8599. 60
8600. add krbPwdLockoutDuration:
8601. 600
8602. adding new entry "cn=global_policy,cn=RDLG.NET,cn=kerberos,dc=rdlg,dc=net"
8603. modify complete
8604.  
8605.  
8606. 2017-05-11T02:31:05Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RDLG-NET.socket/??base )
8607.  
8608. 2017-05-11T02:31:05Z DEBUG duration: 0 seconds
8609. 2017-05-11T02:31:05Z DEBUG [2/9]: configuring KDC
8610. 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf'
8611. 2017-05-11T02:31:05Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
8612. 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/etc/krb5.conf'
8613. 2017-05-11T02:31:05Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
8614. 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini'
8615. 2017-05-11T02:31:05Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist
8616. 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con'
8617. 2017-05-11T02:31:05Z DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist
8618. 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con'
8619. 2017-05-11T02:31:05Z DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist
8620. 2017-05-11T02:31:05Z DEBUG Starting external process
8621. 2017-05-11T02:31:05Z DEBUG args=klist -V
8622. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8623. 2017-05-11T02:31:05Z DEBUG stdout=Kerberos 5 version 1.14.1
8624.  
8625. 2017-05-11T02:31:05Z DEBUG stderr=
8626. 2017-05-11T02:31:05Z DEBUG Backing up system configuration file '/etc/sysconfig/krb5kdc'
8627. 2017-05-11T02:31:05Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
8628. 2017-05-11T02:31:05Z DEBUG Starting external process
8629. 2017-05-11T02:31:05Z DEBUG args=/usr/sbin/selinuxenabled
8630. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8631. 2017-05-11T02:31:05Z DEBUG stdout=
8632. 2017-05-11T02:31:05Z DEBUG stderr=
8633. 2017-05-11T02:31:05Z DEBUG Starting external process
8634. 2017-05-11T02:31:05Z DEBUG args=/sbin/restorecon /etc/sysconfig/krb5kdc
8635. 2017-05-11T02:31:05Z DEBUG Process finished, return code=0
8636. 2017-05-11T02:31:05Z DEBUG stdout=
8637. 2017-05-11T02:31:05Z DEBUG stderr=
8638. 2017-05-11T02:31:05Z DEBUG duration: 0 seconds
8639. 2017-05-11T02:31:05Z DEBUG [3/9]: initialize kerberos container
8640. 2017-05-11T02:31:05Z DEBUG WARNING: Your system is running out of entropy, you may experience long delays
8641. 2017-05-11T02:31:05Z DEBUG WARNING: Your system is running out of entropy, you may experience long delays
8642. 2017-05-11T02:31:05Z DEBUG Starting external process
8643. 2017-05-11T02:31:05Z DEBUG args=kdb5_util create -s -r RDLG.NET -x ipa-setup-override-restrictions
8644. 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
8645. 2017-05-11T02:35:38Z DEBUG stdout=Loading random data
8646. Initializing database '/var/kerberos/krb5kdc/principal' for realm 'RDLG.NET',
8647. master key name 'K/M@RDLG.NET'
8648. You will be prompted for the database Master Password.
8649. It is important that you NOT FORGET this password.
8650. Enter KDC database master key:
8651. Re-enter KDC database master key to verify:
8652.  
8653. 2017-05-11T02:35:38Z DEBUG stderr=
8654. 2017-05-11T02:35:38Z DEBUG duration: 272 seconds
8655. 2017-05-11T02:35:38Z DEBUG [4/9]: adding default ACIs
8656. 2017-05-11T02:35:38Z DEBUG Starting external process
8657. 2017-05-11T02:35:38Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmpycj9Ve -H ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket -x -D cn=Directory Manager -y /tmp/tmpUDVrpn
8658. 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
8659. 2017-05-11T02:35:38Z DEBUG stdout=add aci:
8660. (targetattr = "userpassword || krbprincipalkey || sambalmpassword || sambantpassword")(version 3.0; acl "selfservice:Self can write own password"; allow (write) userdn="ldap:///self";)
8661. modifying entry "dc=rdlg,dc=net"
8662. modify complete
8663.  
8664. add aci:
8665. (targetattr = "givenname || sn || cn || displayname || title || initials || loginshell || gecos || homephone || mobile || pager || facsimiletelephonenumber || telephonenumber || street || roomnumber || l || st || postalcode || manager || secretary || description || carlicense || labeleduri || inetuserhttpurl || seealso || employeetype || businesscategory || ou")(version 3.0;acl "selfservice:User Self service";allow (write) userdn = "ldap:///self";)
8666. (targetattr = "ipasshpubkey")(version 3.0;acl "selfservice:Users can manage their own SSH public keys";allow (write) userdn = "ldap:///self";)
8667. (targetattr = "usercertificate")(version 3.0;acl "selfservice:Users can manage their own X.509 certificates";allow (write) userdn = "ldap:///self";)
8668. modifying entry "dc=rdlg,dc=net"
8669. modify complete
8670.  
8671. add aci:
8672. (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
8673. modifying entry "cn=etc,dc=rdlg,dc=net"
8674. modify complete
8675.  
8676. add aci:
8677. (targetfilter = "(|(objectClass=ipaConfigObject)(dnahostname=*))")(version 3.0;acl "Admins can change GUI config"; allow (delete) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
8678. modifying entry "cn=ipa,cn=etc,dc=rdlg,dc=net"
8679. modify complete
8680.  
8681. add aci:
8682. (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
8683. (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
8684. (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Users allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#USERDN";)
8685. (targetattr="ipaProtectedOperation;read_keys")(version 3.0; acl "Groups allowed to retrieve keytab keys"; allow(read) userattr="ipaAllowedToPerform;read_keys#GROUPDN";)
8686. (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Users allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#USERDN";)
8687. (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Groups allowed to create keytab keys"; allow(write) userattr="ipaAllowedToPerform;write_keys#GROUPDN";)
8688. (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey themselves"; allow(write) userdn="ldap:///self";)
8689. (targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Admins are allowed to rekey any entity"; allow(write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
8690. (targetfilter="(|(objectclass=ipaHost)(objectclass=ipaService))")(targetattr="ipaProtectedOperation;write_keys")(version 3.0; acl "Entities are allowed to rekey managed entries"; allow(write) userattr="managedby#USERDN";)
8691. modifying entry "cn=accounts,dc=rdlg,dc=net"
8692. modify complete
8693.  
8694. add aci:
8695. (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage service keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
8696. modifying entry "cn=services,cn=accounts,dc=rdlg,dc=net"
8697. modify complete
8698.  
8699. add aci:
8700. (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage service Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)
8701. modifying entry "cn=services,cn=accounts,dc=rdlg,dc=net"
8702. modify complete
8703.  
8704. add aci:
8705. (targetattr="usercertificate || krblastpwdchange || description || l || nshostlocation || nshardwareplatform || nsosversion")(version 3.0; acl "Hosts can modify their own certs and keytabs"; allow(write) userdn = "ldap:///self";)
8706. (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can modify their own SSH public keys"; allow(write) userdn = "ldap:///self";)
8707. modifying entry "cn=computers,cn=accounts,dc=rdlg,dc=net"
8708. modify complete
8709.  
8710. add aci:
8711. (targetattr="userCertificate || krbPrincipalKey")(version 3.0; acl "Hosts can manage other host Certificates and kerberos keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)
8712. (targetattr="ipasshpubkey")(version 3.0; acl "Hosts can manage other host SSH public keys"; allow(write) userattr = "parent[0,1].managedby#USERDN";)
8713. modifying entry "cn=computers,cn=accounts,dc=rdlg,dc=net"
8714. modify complete
8715.  
8716. add aci:
8717. (targetattr = "krbPrincipalKey || krbLastPwdChange")(target = "ldap:///fqdn=*,cn=computers,cn=accounts,dc=rdlg,dc=net")(version 3.0;acl "Admins can manage host keytab";allow (write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=rdlg,dc=net";)
8718. modifying entry "cn=computers,cn=accounts,dc=rdlg,dc=net"
8719. modify complete
8720.  
8721. add aci:
8722. (targetattr="userPassword || krbPrincipalKey")(version 3.0; acl "Search existence of password and kerberos keys"; allow(search) userdn = "ldap:///all";)
8723. modifying entry "cn=accounts,dc=rdlg,dc=net"
8724. modify complete
8725.  
8726. add aci:
8727. (targetfilter = "(objectClass=ipaToken)")(targetattrs = "objectclass || description || managedBy || ipatokenUniqueID || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial || ipatokenOwner")(version 3.0; acl "Users/managers can read basic token info"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
8728. (targetfilter = "(objectClass=ipatokenTOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits || ipatokenTOTPtimeStep")(version 3.0; acl "Users/managers can see TOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
8729. (targetfilter = "(objectClass=ipatokenHOTP)")(targetattrs = "ipatokenOTPalgorithm || ipatokenOTPdigits")(version 3.0; acl "Users/managers can see HOTP details"; allow (read, search, compare) userattr = "ipatokenOwner#USERDN" or userattr = "managedBy#USERDN";)
8730. (targetfilter = "(objectClass=ipaToken)")(targetattrs = "description || ipatokenDisabled || ipatokenNotBefore || ipatokenNotAfter || ipatokenVendor || ipatokenModel || ipatokenSerial")(version 3.0; acl "Managers can write basic token info"; allow (write) userattr = "managedBy#USERDN";)
8731. (targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Managers can delete tokens"; allow (delete) userattr = "managedBy#USERDN";)
8732. (target = "ldap:///ipatokenuniqueid=*,cn=otp,dc=rdlg,dc=net")(targetfilter = "(objectClass=ipaToken)")(version 3.0; acl "Users can create self-managed tokens"; allow (add) userattr = "ipatokenOwner#SELFDN" and userattr = "managedBy#SELFDN";)
8733. modifying entry "dc=rdlg,dc=net"
8734. modify complete
8735.  
8736.  
8737. 2017-05-11T02:35:38Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RDLG-NET.socket/??base )
8738.  
8739. 2017-05-11T02:35:38Z DEBUG duration: 0 seconds
8740. 2017-05-11T02:35:38Z DEBUG [5/9]: creating a keytab for the directory
8741. 2017-05-11T02:35:38Z DEBUG Starting external process
8742. 2017-05-11T02:35:38Z DEBUG args=kadmin.local -q addprinc -randkey ldap/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
8743. 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
8744. 2017-05-11T02:35:38Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
8745. Principal "ldap/ipa.rdlg.net@RDLG.NET" created.
8746.  
8747. 2017-05-11T02:35:38Z DEBUG stderr=WARNING: no policy specified for ldap/ipa.rdlg.net@RDLG.NET; defaulting to no policy
8748.  
8749. 2017-05-11T02:35:38Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8750. 2017-05-11T02:35:38Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7481d88>
8751. 2017-05-11T02:35:38Z DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab'
8752. 2017-05-11T02:35:38Z DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist
8753. 2017-05-11T02:35:38Z DEBUG Starting external process
8754. 2017-05-11T02:35:38Z DEBUG args=kadmin.local -q ktadd -k /etc/dirsrv/ds.keytab ldap/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
8755. 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
8756. 2017-05-11T02:35:38Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
8757. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab.
8758. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/dirsrv/ds.keytab.
8759. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/dirsrv/ds.keytab.
8760. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/dirsrv/ds.keytab.
8761. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab.
8762. Entry for principal ldap/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/dirsrv/ds.keytab.
8763.  
8764. 2017-05-11T02:35:38Z DEBUG stderr=
8765. 2017-05-11T02:35:38Z DEBUG duration: 0 seconds
8766. 2017-05-11T02:35:38Z DEBUG [6/9]: creating a keytab for the machine
8767. 2017-05-11T02:35:38Z DEBUG Starting external process
8768. 2017-05-11T02:35:38Z DEBUG args=kadmin.local -q addprinc -randkey host/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
8769. 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
8770. 2017-05-11T02:35:38Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
8771. Principal "host/ipa.rdlg.net@RDLG.NET" created.
8772.  
8773. 2017-05-11T02:35:38Z DEBUG stderr=WARNING: no policy specified for host/ipa.rdlg.net@RDLG.NET; defaulting to no policy
8774.  
8775. 2017-05-11T02:35:38Z DEBUG Backing up system configuration file '/etc/krb5.keytab'
8776. 2017-05-11T02:35:38Z DEBUG -> Not backing up - '/etc/krb5.keytab' doesn't exist
8777. 2017-05-11T02:35:38Z DEBUG Starting external process
8778. 2017-05-11T02:35:38Z DEBUG args=kadmin.local -q ktadd -k /etc/krb5.keytab host/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
8779. 2017-05-11T02:35:38Z DEBUG Process finished, return code=0
8780. 2017-05-11T02:35:38Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
8781. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab.
8782. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab.
8783. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/krb5.keytab.
8784. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/krb5.keytab.
8785. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/krb5.keytab.
8786. Entry for principal host/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/krb5.keytab.
8787.  
8788. 2017-05-11T02:35:38Z DEBUG stderr=
8789. 2017-05-11T02:35:38Z DEBUG importing all plugin modules in ipaserver.plugins...
8790. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.aci
8791. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.automember
8792. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.automount
8793. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.baseldap
8794. 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
8795. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.baseuser
8796. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.batch
8797. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.ca
8798. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.caacl
8799. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.cert
8800. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.certprofile
8801. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.config
8802. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.delegation
8803. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.dns
8804. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.dnsserver
8805. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.dogtag
8806. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.domainlevel
8807. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.group
8808. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbac
8809. 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
8810. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbacrule
8811. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
8812. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
8813. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hbactest
8814. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.host
8815. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.hostgroup
8816. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.idrange
8817. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.idviews
8818. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.internal
8819. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.join
8820. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
8821. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.ldap2
8822. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.location
8823. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.migration
8824. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.misc
8825. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.netgroup
8826. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.otp
8827. 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.otp is not a valid plugin module
8828. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.otpconfig
8829. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.otptoken
8830. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.passwd
8831. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.permission
8832. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.ping
8833. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.pkinit
8834. 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
8835. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.privilege
8836. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
8837. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.rabase
8838. 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
8839. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
8840. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.realmdomains
8841. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.role
8842. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.schema
8843. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.selfservice
8844. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
8845. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.server
8846. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.serverrole
8847. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.serverroles
8848. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.service
8849. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
8850. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.session
8851. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.stageuser
8852. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.sudo
8853. 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
8854. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.sudocmd
8855. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
8856. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.sudorule
8857. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.topology
8858. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.trust
8859. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.user
8860. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.vault
8861. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.virtual
8862. 2017-05-11T02:35:38Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
8863. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.plugins.xmlserver
8864. 2017-05-11T02:35:38Z DEBUG importing all plugin modules in ipaserver.install.plugins...
8865. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
8866. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
8867. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.dns
8868. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
8869. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
8870. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
8871. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
8872. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
8873. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
8874. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
8875. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
8876. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
8877. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_services
8878. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
8879. 2017-05-11T02:35:38Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
8880. 2017-05-11T02:35:40Z DEBUG Created connection context.ldap2_123162512
8881. 2017-05-11T02:35:40Z DEBUG Destroyed connection context.ldap2_123162512
8882. 2017-05-11T02:35:40Z DEBUG Created connection context.ldap2_123162512
8883. 2017-05-11T02:35:40Z DEBUG Parsing update file '/usr/share/ipa/updates/20-ipaservers_hostgroup.update'
8884. 2017-05-11T02:35:40Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
8885. 2017-05-11T02:35:40Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9893170>
8886. 2017-05-11T02:35:40Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
8887. 2017-05-11T02:35:40Z DEBUG ---------------------------------------------
8888. 2017-05-11T02:35:40Z DEBUG Initial value
8889. 2017-05-11T02:35:40Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
8890. 2017-05-11T02:35:40Z DEBUG objectClass:
8891. 2017-05-11T02:35:40Z DEBUG top
8892. 2017-05-11T02:35:40Z DEBUG groupOfNames
8893. 2017-05-11T02:35:40Z DEBUG nestedGroup
8894. 2017-05-11T02:35:40Z DEBUG ipaobject
8895. 2017-05-11T02:35:40Z DEBUG ipahostgroup
8896. 2017-05-11T02:35:40Z DEBUG cn:
8897. 2017-05-11T02:35:40Z DEBUG ipaservers
8898. 2017-05-11T02:35:40Z DEBUG ipaUniqueID:
8899. 2017-05-11T02:35:40Z DEBUG 97269128-35f1-11e7-bc0a-0050568f60a6
8900. 2017-05-11T02:35:40Z DEBUG description:
8901. 2017-05-11T02:35:40Z DEBUG IPA server hosts
8902. 2017-05-11T02:35:40Z DEBUG ---------------------------------------------
8903. 2017-05-11T02:35:40Z DEBUG Final value after applying updates
8904. 2017-05-11T02:35:40Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
8905. 2017-05-11T02:35:40Z DEBUG objectClass:
8906. 2017-05-11T02:35:40Z DEBUG top
8907. 2017-05-11T02:35:40Z DEBUG groupOfNames
8908. 2017-05-11T02:35:40Z DEBUG nestedGroup
8909. 2017-05-11T02:35:40Z DEBUG ipaobject
8910. 2017-05-11T02:35:40Z DEBUG ipahostgroup
8911. 2017-05-11T02:35:40Z DEBUG cn:
8912. 2017-05-11T02:35:40Z DEBUG ipaservers
8913. 2017-05-11T02:35:40Z DEBUG ipaUniqueID:
8914. 2017-05-11T02:35:40Z DEBUG 97269128-35f1-11e7-bc0a-0050568f60a6
8915. 2017-05-11T02:35:40Z DEBUG description:
8916. 2017-05-11T02:35:40Z DEBUG IPA server hosts
8917. 2017-05-11T02:35:40Z DEBUG []
8918. 2017-05-11T02:35:40Z DEBUG Updated 0
8919. 2017-05-11T02:35:40Z DEBUG Done
8920. 2017-05-11T02:35:40Z DEBUG Updating existing entry: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
8921. 2017-05-11T02:35:40Z DEBUG ---------------------------------------------
8922. 2017-05-11T02:35:40Z DEBUG Initial value
8923. 2017-05-11T02:35:40Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
8924. 2017-05-11T02:35:40Z DEBUG objectClass:
8925. 2017-05-11T02:35:40Z DEBUG top
8926. 2017-05-11T02:35:40Z DEBUG groupOfNames
8927. 2017-05-11T02:35:40Z DEBUG nestedGroup
8928. 2017-05-11T02:35:40Z DEBUG ipaobject
8929. 2017-05-11T02:35:40Z DEBUG ipahostgroup
8930. 2017-05-11T02:35:40Z DEBUG cn:
8931. 2017-05-11T02:35:40Z DEBUG ipaservers
8932. 2017-05-11T02:35:40Z DEBUG ipaUniqueID:
8933. 2017-05-11T02:35:40Z DEBUG 97269128-35f1-11e7-bc0a-0050568f60a6
8934. 2017-05-11T02:35:40Z DEBUG description:
8935. 2017-05-11T02:35:40Z DEBUG IPA server hosts
8936. 2017-05-11T02:35:40Z DEBUG add: 'fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net' to member, current value []
8937. 2017-05-11T02:35:40Z DEBUG add: updated value ['fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net']
8938. 2017-05-11T02:35:40Z DEBUG ---------------------------------------------
8939. 2017-05-11T02:35:40Z DEBUG Final value after applying updates
8940. 2017-05-11T02:35:40Z DEBUG dn: cn=ipaservers,cn=hostgroups,cn=accounts,dc=rdlg,dc=net
8941. 2017-05-11T02:35:40Z DEBUG objectClass:
8942. 2017-05-11T02:35:40Z DEBUG top
8943. 2017-05-11T02:35:40Z DEBUG groupOfNames
8944. 2017-05-11T02:35:40Z DEBUG nestedGroup
8945. 2017-05-11T02:35:40Z DEBUG ipaobject
8946. 2017-05-11T02:35:40Z DEBUG ipahostgroup
8947. 2017-05-11T02:35:40Z DEBUG member:
8948. 2017-05-11T02:35:40Z DEBUG fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net
8949. 2017-05-11T02:35:40Z DEBUG cn:
8950. 2017-05-11T02:35:40Z DEBUG ipaservers
8951. 2017-05-11T02:35:40Z DEBUG ipaUniqueID:
8952. 2017-05-11T02:35:40Z DEBUG 97269128-35f1-11e7-bc0a-0050568f60a6
8953. 2017-05-11T02:35:40Z DEBUG description:
8954. 2017-05-11T02:35:40Z DEBUG IPA server hosts
8955. 2017-05-11T02:35:40Z DEBUG [(2, u'member', ['fqdn=ipa.rdlg.net,cn=computers,cn=accounts,dc=rdlg,dc=net'])]
8956. 2017-05-11T02:35:40Z DEBUG Updated 1
8957. 2017-05-11T02:35:40Z DEBUG Done
8958. 2017-05-11T02:35:40Z DEBUG Destroyed connection context.ldap2_123162512
8959. 2017-05-11T02:35:40Z DEBUG duration: 1 seconds
8960. 2017-05-11T02:35:40Z DEBUG [7/9]: adding the password extension to the directory
8961. 2017-05-11T02:35:40Z DEBUG Starting external process
8962. 2017-05-11T02:35:40Z DEBUG args=/usr/bin/ldapmodify -v -f /tmp/tmp5TDLO1 -H ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket -x -D cn=Directory Manager -y /tmp/tmpFgblH6
8963. 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
8964. 2017-05-11T02:35:40Z DEBUG stdout=add objectclass:
8965. top
8966. nsSlapdPlugin
8967. extensibleObject
8968. add cn:
8969. ipa_pwd_extop
8970. add nsslapd-pluginpath:
8971. libipa_pwd_extop
8972. add nsslapd-plugininitfunc:
8973. ipapwd_init
8974. add nsslapd-plugintype:
8975. extendedop
8976. add nsslapd-pluginbetxn:
8977. on
8978. add nsslapd-pluginenabled:
8979. on
8980. add nsslapd-pluginid:
8981. ipa_pwd_extop
8982. add nsslapd-pluginversion:
8983. 1.0
8984. add nsslapd-pluginvendor:
8985. RedHat
8986. add nsslapd-plugindescription:
8987. Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.)
8988. add nsslapd-plugin-depends-on-type:
8989. database
8990. add nsslapd-realmTree:
8991. dc=rdlg,dc=net
8992. adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config"
8993. modify complete
8994.  
8995.  
8996. 2017-05-11T02:35:40Z DEBUG stderr=ldap_initialize( ldapi://%2Fvar%2Frun%2Fslapd-RDLG-NET.socket/??base )
8997.  
8998. 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
8999. 2017-05-11T02:35:40Z DEBUG [8/9]: starting the KDC
9000. 2017-05-11T02:35:40Z DEBUG Starting external process
9001. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl start krb5kdc.service
9002. 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
9003. 2017-05-11T02:35:40Z DEBUG stdout=
9004. 2017-05-11T02:35:40Z DEBUG stderr=
9005. 2017-05-11T02:35:40Z DEBUG Starting external process
9006. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-active krb5kdc.service
9007. 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
9008. 2017-05-11T02:35:40Z DEBUG stdout=active
9009.  
9010. 2017-05-11T02:35:40Z DEBUG stderr=
9011. 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
9012. 2017-05-11T02:35:40Z DEBUG [9/9]: configuring KDC to start on boot
9013. 2017-05-11T02:35:40Z DEBUG Starting external process
9014. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-enabled krb5kdc.service
9015. 2017-05-11T02:35:40Z DEBUG Process finished, return code=1
9016. 2017-05-11T02:35:40Z DEBUG stdout=disabled
9017.  
9018. 2017-05-11T02:35:40Z DEBUG stderr=
9019. 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9020. 2017-05-11T02:35:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9021. 2017-05-11T02:35:40Z DEBUG Starting external process
9022. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl disable krb5kdc.service
9023. 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
9024. 2017-05-11T02:35:40Z DEBUG stdout=
9025. 2017-05-11T02:35:40Z DEBUG stderr=
9026. 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
9027. 2017-05-11T02:35:40Z DEBUG Done configuring Kerberos KDC (krb5kdc).
9028. 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9029. 2017-05-11T02:35:40Z DEBUG Configuring kadmin
9030. 2017-05-11T02:35:40Z DEBUG [1/2]: starting kadmin
9031. 2017-05-11T02:35:40Z DEBUG Starting external process
9032. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-active kadmin.service
9033. 2017-05-11T02:35:40Z DEBUG Process finished, return code=3
9034. 2017-05-11T02:35:40Z DEBUG stdout=unknown
9035.  
9036. 2017-05-11T02:35:40Z DEBUG stderr=
9037. 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9038. 2017-05-11T02:35:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9039. 2017-05-11T02:35:40Z DEBUG Starting external process
9040. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl restart kadmin.service
9041. 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
9042. 2017-05-11T02:35:40Z DEBUG stdout=
9043. 2017-05-11T02:35:40Z DEBUG stderr=
9044. 2017-05-11T02:35:40Z DEBUG Starting external process
9045. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-active kadmin.service
9046. 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
9047. 2017-05-11T02:35:40Z DEBUG stdout=active
9048.  
9049. 2017-05-11T02:35:40Z DEBUG stderr=
9050. 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
9051. 2017-05-11T02:35:40Z DEBUG [2/2]: configuring kadmin to start on boot
9052. 2017-05-11T02:35:40Z DEBUG Starting external process
9053. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl is-enabled kadmin.service
9054. 2017-05-11T02:35:40Z DEBUG Process finished, return code=1
9055. 2017-05-11T02:35:40Z DEBUG stdout=disabled
9056.  
9057. 2017-05-11T02:35:40Z DEBUG stderr=
9058. 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9059. 2017-05-11T02:35:40Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9060. 2017-05-11T02:35:40Z DEBUG Starting external process
9061. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl disable kadmin.service
9062. 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
9063. 2017-05-11T02:35:40Z DEBUG stdout=
9064. 2017-05-11T02:35:40Z DEBUG stderr=
9065. 2017-05-11T02:35:40Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
9066. 2017-05-11T02:35:40Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e3ccb0>
9067. 2017-05-11T02:35:40Z DEBUG duration: 0 seconds
9068. 2017-05-11T02:35:40Z DEBUG Done configuring kadmin.
9069. 2017-05-11T02:35:40Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9070. 2017-05-11T02:35:40Z DEBUG Starting external process
9071. 2017-05-11T02:35:40Z DEBUG args=/bin/systemctl disable pki-tomcatd.target
9072. 2017-05-11T02:35:40Z DEBUG Process finished, return code=0
9073. 2017-05-11T02:35:40Z DEBUG stdout=
9074. 2017-05-11T02:35:40Z DEBUG stderr=Removed symlink /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target.
9075.  
9076. 2017-05-11T02:35:40Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
9077. 2017-05-11T02:35:40Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9a3b908>
9078. 2017-05-11T02:35:41Z DEBUG Ensuring that service pki-tomcatd@pki-tomcat is not running while the next set of commands is being executed.
9079. 2017-05-11T02:35:41Z DEBUG Starting external process
9080. 2017-05-11T02:35:41Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
9081. 2017-05-11T02:35:41Z DEBUG Process finished, return code=0
9082. 2017-05-11T02:35:41Z DEBUG stdout=active
9083.  
9084. 2017-05-11T02:35:41Z DEBUG stderr=
9085. 2017-05-11T02:35:41Z DEBUG Stopping pki-tomcatd@pki-tomcat.
9086. 2017-05-11T02:35:41Z DEBUG Starting external process
9087. 2017-05-11T02:35:41Z DEBUG args=/bin/systemctl stop pki-tomcatd@pki-tomcat.service
9088. 2017-05-11T02:35:41Z DEBUG Process finished, return code=0
9089. 2017-05-11T02:35:41Z DEBUG stdout=
9090. 2017-05-11T02:35:41Z DEBUG stderr=
9091. 2017-05-11T02:35:41Z DEBUG Starting pki-tomcatd@pki-tomcat.
9092. 2017-05-11T02:35:41Z DEBUG Starting external process
9093. 2017-05-11T02:35:41Z DEBUG args=/bin/systemctl start pki-tomcatd@pki-tomcat.service
9094. 2017-05-11T02:35:41Z DEBUG Process finished, return code=0
9095. 2017-05-11T02:35:41Z DEBUG stdout=
9096. 2017-05-11T02:35:41Z DEBUG stderr=
9097. 2017-05-11T02:35:41Z DEBUG Starting external process
9098. 2017-05-11T02:35:41Z DEBUG args=/bin/systemctl is-active pki-tomcatd@pki-tomcat.service
9099. 2017-05-11T02:35:41Z DEBUG Process finished, return code=0
9100. 2017-05-11T02:35:41Z DEBUG stdout=active
9101.  
9102. 2017-05-11T02:35:41Z DEBUG stderr=
9103. 2017-05-11T02:35:41Z DEBUG wait_for_open_ports: localhost [8080, 8443] timeout 300
9104. 2017-05-11T02:35:43Z DEBUG Waiting until the CA is running
9105. 2017-05-11T02:35:43Z DEBUG request POST http://ipa.rdlg.net:8080/ca/admin/ca/getStatus
9106. 2017-05-11T02:35:43Z DEBUG request body ''
9107. 2017-05-11T02:35:50Z DEBUG response status 200
9108. 2017-05-11T02:35:50Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:35:49 GMT', 'content-length': '170', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
9109. 2017-05-11T02:35:50Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.3.3-18.el7_3</Version></XMLResponse>'
9110. 2017-05-11T02:35:50Z DEBUG The CA status is: running
9111. 2017-05-11T02:35:50Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
9112. 2017-05-11T02:35:50Z INFO [Set up lightweight CA key retrieval]
9113. 2017-05-11T02:35:50Z INFO Creating principal
9114. 2017-05-11T02:35:50Z DEBUG Starting external process
9115. 2017-05-11T02:35:50Z DEBUG args=kadmin.local -q addprinc -randkey dogtag/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
9116. 2017-05-11T02:35:50Z DEBUG Process finished, return code=0
9117. 2017-05-11T02:35:50Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
9118. Principal "dogtag/ipa.rdlg.net@RDLG.NET" created.
9119.  
9120. 2017-05-11T02:35:50Z DEBUG stderr=WARNING: no policy specified for dogtag/ipa.rdlg.net@RDLG.NET; defaulting to no policy
9121.  
9122. 2017-05-11T02:35:50Z INFO Retrieving keytab
9123. 2017-05-11T02:35:50Z DEBUG Starting external process
9124. 2017-05-11T02:35:50Z DEBUG args=kadmin.local -q ktadd -k /etc/pki/pki-tomcat/dogtag.keytab dogtag/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
9125. 2017-05-11T02:35:50Z DEBUG Process finished, return code=0
9126. 2017-05-11T02:35:50Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
9127. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
9128. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
9129. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
9130. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
9131. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
9132. Entry for principal dogtag/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/pki/pki-tomcat/dogtag.keytab.
9133.  
9134. 2017-05-11T02:35:50Z DEBUG stderr=
9135. 2017-05-11T02:35:50Z INFO Creating Custodia keys
9136. 2017-05-11T02:35:50Z DEBUG Created connection context.ldap2_169661520
9137. 2017-05-11T02:35:50Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
9138. 2017-05-11T02:35:50Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9b3aa70>
9139. 2017-05-11T02:35:50Z DEBUG Destroyed connection context.ldap2_169661520
9140. 2017-05-11T02:35:50Z DEBUG Created connection context.ldap2_169661840
9141. 2017-05-11T02:35:50Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
9142. 2017-05-11T02:35:50Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa559e18>
9143. 2017-05-11T02:35:50Z DEBUG Destroyed connection context.ldap2_169661840
9144. 2017-05-11T02:35:51Z INFO Configuring key retriever
9145. 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
9146. 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
9147. 2017-05-11T02:35:51Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
9148. 2017-05-11T02:35:51Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9e3d998>
9149. 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9150. 2017-05-11T02:35:51Z DEBUG Configuring ipa_memcached
9151. 2017-05-11T02:35:51Z DEBUG [1/2]: starting ipa_memcached
9152. 2017-05-11T02:35:51Z DEBUG Starting external process
9153. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-active ipa_memcached.service
9154. 2017-05-11T02:35:51Z DEBUG Process finished, return code=3
9155. 2017-05-11T02:35:51Z DEBUG stdout=unknown
9156.  
9157. 2017-05-11T02:35:51Z DEBUG stderr=
9158. 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9159. 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9160. 2017-05-11T02:35:51Z DEBUG Starting external process
9161. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl restart ipa_memcached.service
9162. 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
9163. 2017-05-11T02:35:51Z DEBUG stdout=
9164. 2017-05-11T02:35:51Z DEBUG stderr=
9165. 2017-05-11T02:35:51Z DEBUG Starting external process
9166. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-active ipa_memcached.service
9167. 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
9168. 2017-05-11T02:35:51Z DEBUG stdout=active
9169.  
9170. 2017-05-11T02:35:51Z DEBUG stderr=
9171. 2017-05-11T02:35:51Z DEBUG duration: 0 seconds
9172. 2017-05-11T02:35:51Z DEBUG [2/2]: configuring ipa_memcached to start on boot
9173. 2017-05-11T02:35:51Z DEBUG Starting external process
9174. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-enabled ipa_memcached.service
9175. 2017-05-11T02:35:51Z DEBUG Process finished, return code=1
9176. 2017-05-11T02:35:51Z DEBUG stdout=disabled
9177.  
9178. 2017-05-11T02:35:51Z DEBUG stderr=
9179. 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9180. 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9181. 2017-05-11T02:35:51Z DEBUG Starting external process
9182. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl disable ipa_memcached.service
9183. 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
9184. 2017-05-11T02:35:51Z DEBUG stdout=
9185. 2017-05-11T02:35:51Z DEBUG stderr=
9186. 2017-05-11T02:35:51Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
9187. 2017-05-11T02:35:51Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa1c41b8>
9188. 2017-05-11T02:35:51Z DEBUG duration: 0 seconds
9189. 2017-05-11T02:35:51Z DEBUG Done configuring ipa_memcached.
9190. 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9191. 2017-05-11T02:35:51Z DEBUG Configuring ipa-otpd
9192. 2017-05-11T02:35:51Z DEBUG [1/2]: starting ipa-otpd
9193. 2017-05-11T02:35:51Z DEBUG Starting external process
9194. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket
9195. 2017-05-11T02:35:51Z DEBUG Process finished, return code=3
9196. 2017-05-11T02:35:51Z DEBUG stdout=unknown
9197.  
9198. 2017-05-11T02:35:51Z DEBUG stderr=
9199. 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9200. 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9201. 2017-05-11T02:35:51Z DEBUG Starting external process
9202. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl restart ipa-otpd.socket
9203. 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
9204. 2017-05-11T02:35:51Z DEBUG stdout=
9205. 2017-05-11T02:35:51Z DEBUG stderr=
9206. 2017-05-11T02:35:51Z DEBUG Starting external process
9207. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-active ipa-otpd.socket
9208. 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
9209. 2017-05-11T02:35:51Z DEBUG stdout=active
9210.  
9211. 2017-05-11T02:35:51Z DEBUG stderr=
9212. 2017-05-11T02:35:51Z DEBUG duration: 0 seconds
9213. 2017-05-11T02:35:51Z DEBUG [2/2]: configuring ipa-otpd to start on boot
9214. 2017-05-11T02:35:51Z DEBUG Starting external process
9215. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl is-enabled ipa-otpd.socket
9216. 2017-05-11T02:35:51Z DEBUG Process finished, return code=1
9217. 2017-05-11T02:35:51Z DEBUG stdout=disabled
9218.  
9219. 2017-05-11T02:35:51Z DEBUG stderr=
9220. 2017-05-11T02:35:51Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9221. 2017-05-11T02:35:51Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9222. 2017-05-11T02:35:51Z DEBUG Starting external process
9223. 2017-05-11T02:35:51Z DEBUG args=/bin/systemctl disable ipa-otpd.socket
9224. 2017-05-11T02:35:51Z DEBUG Process finished, return code=0
9225. 2017-05-11T02:35:51Z DEBUG stdout=
9226. 2017-05-11T02:35:51Z DEBUG stderr=
9227. 2017-05-11T02:35:51Z DEBUG flushing ldap://ipa.rdlg.net:389 from SchemaCache
9228. 2017-05-11T02:35:51Z DEBUG retrieving schema for SchemaCache url=ldap://ipa.rdlg.net:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x9c50710>
9229. 2017-05-11T02:35:52Z DEBUG duration: 0 seconds
9230. 2017-05-11T02:35:52Z DEBUG Done configuring ipa-otpd.
9231. 2017-05-11T02:35:52Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9232. 2017-05-11T02:35:52Z DEBUG Configuring ipa-custodia
9233. 2017-05-11T02:35:52Z DEBUG [1/5]: Generating ipa-custodia config file
9234. 2017-05-11T02:35:52Z DEBUG duration: 0 seconds
9235. 2017-05-11T02:35:52Z DEBUG [2/5]: Making sure custodia container exists
9236. 2017-05-11T02:35:52Z DEBUG importing all plugin modules in ipaserver.plugins...
9237. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.aci
9238. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.automember
9239. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.automount
9240. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.baseldap
9241. 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.baseldap is not a valid plugin module
9242. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.baseuser
9243. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.batch
9244. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.ca
9245. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.caacl
9246. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.cert
9247. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.certprofile
9248. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.config
9249. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.delegation
9250. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.dns
9251. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.dnsserver
9252. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.dogtag
9253. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.domainlevel
9254. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.group
9255. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbac
9256. 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.hbac is not a valid plugin module
9257. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbacrule
9258. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbacsvc
9259. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbacsvcgroup
9260. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hbactest
9261. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.host
9262. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.hostgroup
9263. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.idrange
9264. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.idviews
9265. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.internal
9266. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.join
9267. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.krbtpolicy
9268. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.ldap2
9269. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.location
9270. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.migration
9271. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.misc
9272. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.netgroup
9273. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.otp
9274. 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.otp is not a valid plugin module
9275. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.otpconfig
9276. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.otptoken
9277. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.passwd
9278. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.permission
9279. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.ping
9280. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.pkinit
9281. 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.pkinit is not a valid plugin module
9282. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.privilege
9283. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.pwpolicy
9284. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.rabase
9285. 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.rabase is not a valid plugin module
9286. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.radiusproxy
9287. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.realmdomains
9288. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.role
9289. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.schema
9290. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.selfservice
9291. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.selinuxusermap
9292. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.server
9293. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.serverrole
9294. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.serverroles
9295. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.service
9296. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.servicedelegation
9297. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.session
9298. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.stageuser
9299. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.sudo
9300. 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.sudo is not a valid plugin module
9301. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.sudocmd
9302. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.sudocmdgroup
9303. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.sudorule
9304. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.topology
9305. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.trust
9306. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.user
9307. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.vault
9308. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.virtual
9309. 2017-05-11T02:35:52Z DEBUG ipaserver.plugins.virtual is not a valid plugin module
9310. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.plugins.xmlserver
9311. 2017-05-11T02:35:52Z DEBUG importing all plugin modules in ipaserver.install.plugins...
9312. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.adtrust
9313. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.ca_renewal_master
9314. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.dns
9315. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.fix_replica_agreements
9316. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.rename_managed
9317. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_ca_topology
9318. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_idranges
9319. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_managed_permissions
9320. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_nis
9321. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_pacs
9322. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_passsync
9323. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_referint
9324. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_services
9325. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.update_uniqueness
9326. 2017-05-11T02:35:52Z DEBUG importing plugin module ipaserver.install.plugins.upload_cacrt
9327. 2017-05-11T02:35:53Z DEBUG Created connection context.ldap2_191452880
9328. 2017-05-11T02:35:53Z DEBUG Destroyed connection context.ldap2_191452880
9329. 2017-05-11T02:35:53Z DEBUG Created connection context.ldap2_191452880
9330. 2017-05-11T02:35:53Z DEBUG Parsing update file '/usr/share/ipa/updates/73-custodia.update'
9331. 2017-05-11T02:35:53Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
9332. 2017-05-11T02:35:53Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x740d3b0>
9333. 2017-05-11T02:35:53Z DEBUG Updating existing entry: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
9334. 2017-05-11T02:35:53Z DEBUG ---------------------------------------------
9335. 2017-05-11T02:35:53Z DEBUG Initial value
9336. 2017-05-11T02:35:53Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
9337. 2017-05-11T02:35:53Z DEBUG objectClass:
9338. 2017-05-11T02:35:53Z DEBUG nsContainer
9339. 2017-05-11T02:35:53Z DEBUG top
9340. 2017-05-11T02:35:53Z DEBUG cn:
9341. 2017-05-11T02:35:53Z DEBUG custodia
9342. 2017-05-11T02:35:53Z DEBUG ---------------------------------------------
9343. 2017-05-11T02:35:53Z DEBUG Final value after applying updates
9344. 2017-05-11T02:35:53Z DEBUG dn: cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
9345. 2017-05-11T02:35:53Z DEBUG objectClass:
9346. 2017-05-11T02:35:53Z DEBUG nsContainer
9347. 2017-05-11T02:35:53Z DEBUG top
9348. 2017-05-11T02:35:53Z DEBUG cn:
9349. 2017-05-11T02:35:53Z DEBUG custodia
9350. 2017-05-11T02:35:53Z DEBUG []
9351. 2017-05-11T02:35:53Z DEBUG Updated 0
9352. 2017-05-11T02:35:53Z DEBUG Done
9353. 2017-05-11T02:35:53Z DEBUG Updating existing entry: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
9354. 2017-05-11T02:35:53Z DEBUG ---------------------------------------------
9355. 2017-05-11T02:35:53Z DEBUG Initial value
9356. 2017-05-11T02:35:53Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
9357. 2017-05-11T02:35:53Z DEBUG objectClass:
9358. 2017-05-11T02:35:53Z DEBUG nsContainer
9359. 2017-05-11T02:35:53Z DEBUG top
9360. 2017-05-11T02:35:53Z DEBUG cn:
9361. 2017-05-11T02:35:53Z DEBUG dogtag
9362. 2017-05-11T02:35:53Z DEBUG ---------------------------------------------
9363. 2017-05-11T02:35:53Z DEBUG Final value after applying updates
9364. 2017-05-11T02:35:53Z DEBUG dn: cn=dogtag,cn=custodia,cn=ipa,cn=etc,dc=rdlg,dc=net
9365. 2017-05-11T02:35:53Z DEBUG objectClass:
9366. 2017-05-11T02:35:53Z DEBUG nsContainer
9367. 2017-05-11T02:35:53Z DEBUG top
9368. 2017-05-11T02:35:53Z DEBUG cn:
9369. 2017-05-11T02:35:53Z DEBUG dogtag
9370. 2017-05-11T02:35:53Z DEBUG []
9371. 2017-05-11T02:35:53Z DEBUG Updated 0
9372. 2017-05-11T02:35:53Z DEBUG Done
9373. 2017-05-11T02:35:53Z DEBUG Destroyed connection context.ldap2_191452880
9374. 2017-05-11T02:35:53Z DEBUG duration: 1 seconds
9375. 2017-05-11T02:35:53Z DEBUG [3/5]: Generating ipa-custodia keys
9376. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9377. 2017-05-11T02:35:53Z DEBUG [4/5]: starting ipa-custodia
9378. 2017-05-11T02:35:53Z DEBUG Starting external process
9379. 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl is-active ipa-custodia.service
9380. 2017-05-11T02:35:53Z DEBUG Process finished, return code=3
9381. 2017-05-11T02:35:53Z DEBUG stdout=unknown
9382.  
9383. 2017-05-11T02:35:53Z DEBUG stderr=
9384. 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9385. 2017-05-11T02:35:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9386. 2017-05-11T02:35:53Z DEBUG Starting external process
9387. 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl restart ipa-custodia.service
9388. 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
9389. 2017-05-11T02:35:53Z DEBUG stdout=
9390. 2017-05-11T02:35:53Z DEBUG stderr=
9391. 2017-05-11T02:35:53Z DEBUG Starting external process
9392. 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl is-active ipa-custodia.service
9393. 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
9394. 2017-05-11T02:35:53Z DEBUG stdout=active
9395.  
9396. 2017-05-11T02:35:53Z DEBUG stderr=
9397. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9398. 2017-05-11T02:35:53Z DEBUG [5/5]: configuring ipa-custodia to start on boot
9399. 2017-05-11T02:35:53Z DEBUG Starting external process
9400. 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl is-enabled ipa-custodia.service
9401. 2017-05-11T02:35:53Z DEBUG Process finished, return code=1
9402. 2017-05-11T02:35:53Z DEBUG stdout=disabled
9403.  
9404. 2017-05-11T02:35:53Z DEBUG stderr=
9405. 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9406. 2017-05-11T02:35:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9407. 2017-05-11T02:35:53Z DEBUG Starting external process
9408. 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl disable ipa-custodia.service
9409. 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
9410. 2017-05-11T02:35:53Z DEBUG stdout=
9411. 2017-05-11T02:35:53Z DEBUG stderr=
9412. 2017-05-11T02:35:53Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
9413. 2017-05-11T02:35:53Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa5502d8>
9414. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9415. 2017-05-11T02:35:53Z DEBUG Done configuring ipa-custodia.
9416. 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
9417. 2017-05-11T02:35:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
9418. 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9419. 2017-05-11T02:35:53Z DEBUG Configuring the web interface (httpd). Estimated time: 1 minute
9420. 2017-05-11T02:35:53Z DEBUG [1/21]: setting mod_nss port to 443
9421. 2017-05-11T02:35:53Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/nss.conf'
9422. 2017-05-11T02:35:53Z DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index'
9423. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9424. 2017-05-11T02:35:53Z DEBUG [2/21]: setting mod_nss cipher suite
9425. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9426. 2017-05-11T02:35:53Z DEBUG [3/21]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
9427. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9428. 2017-05-11T02:35:53Z DEBUG [4/21]: setting mod_nss password file
9429. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9430. 2017-05-11T02:35:53Z DEBUG [5/21]: enabling mod_nss renegotiate
9431. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9432. 2017-05-11T02:35:53Z DEBUG [6/21]: adding URL rewriting rules
9433. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9434. 2017-05-11T02:35:53Z DEBUG [7/21]: configuring httpd
9435. 2017-05-11T02:35:53Z DEBUG Starting external process
9436. 2017-05-11T02:35:53Z DEBUG args=/usr/sbin/selinuxenabled
9437. 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
9438. 2017-05-11T02:35:53Z DEBUG stdout=
9439. 2017-05-11T02:35:53Z DEBUG stderr=
9440. 2017-05-11T02:35:53Z DEBUG Starting external process
9441. 2017-05-11T02:35:53Z DEBUG args=/sbin/restorecon /etc/systemd/system/httpd.service.d/ipa.conf
9442. 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
9443. 2017-05-11T02:35:53Z DEBUG stdout=
9444. 2017-05-11T02:35:53Z DEBUG stderr=
9445. 2017-05-11T02:35:53Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa.conf'
9446. 2017-05-11T02:35:53Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa.conf' doesn't exist
9447. 2017-05-11T02:35:53Z DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa-rewrite.conf'
9448. 2017-05-11T02:35:53Z DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa-rewrite.conf' doesn't exist
9449. 2017-05-11T02:35:53Z DEBUG duration: 0 seconds
9450. 2017-05-11T02:35:53Z DEBUG [8/21]: configure certmonger for renewals
9451. 2017-05-11T02:35:53Z DEBUG Starting external process
9452. 2017-05-11T02:35:53Z DEBUG args=/bin/systemctl is-active certmonger.service
9453. 2017-05-11T02:35:53Z DEBUG Process finished, return code=0
9454. 2017-05-11T02:35:53Z DEBUG stdout=active
9455.  
9456. 2017-05-11T02:35:53Z DEBUG stderr=
9457. 2017-05-11T02:35:53Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9458. 2017-05-11T02:35:53Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9459. 2017-05-11T02:35:54Z DEBUG duration: 0 seconds
9460. 2017-05-11T02:35:54Z DEBUG [9/21]: setting up httpd keytab
9461. 2017-05-11T02:35:54Z DEBUG Removing service keytab: /etc/httpd/conf/ipa.keytab
9462. 2017-05-11T02:35:54Z DEBUG Starting external process
9463. 2017-05-11T02:35:54Z DEBUG args=kadmin.local -q addprinc -randkey HTTP/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
9464. 2017-05-11T02:35:55Z DEBUG Process finished, return code=0
9465. 2017-05-11T02:35:55Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
9466. Principal "HTTP/ipa.rdlg.net@RDLG.NET" created.
9467.  
9468. 2017-05-11T02:35:55Z DEBUG stderr=WARNING: no policy specified for HTTP/ipa.rdlg.net@RDLG.NET; defaulting to no policy
9469.  
9470. 2017-05-11T02:35:55Z DEBUG Starting external process
9471. 2017-05-11T02:35:55Z DEBUG args=kadmin.local -q ktadd -k /etc/httpd/conf/ipa.keytab HTTP/ipa.rdlg.net@RDLG.NET -x ipa-setup-override-restrictions
9472. 2017-05-11T02:35:55Z DEBUG Process finished, return code=0
9473. 2017-05-11T02:35:55Z DEBUG stdout=Authenticating as principal root/admin@RDLG.NET with password.
9474. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
9475. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
9476. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
9477. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
9478. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
9479. Entry for principal HTTP/ipa.rdlg.net@RDLG.NET with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/etc/httpd/conf/ipa.keytab.
9480.  
9481. 2017-05-11T02:35:55Z DEBUG stderr=
9482. 2017-05-11T02:35:55Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
9483. 2017-05-11T02:35:55Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0xa445128>
9484. 2017-05-11T02:35:55Z DEBUG duration: 1 seconds
9485. 2017-05-11T02:35:55Z DEBUG [10/21]: setting up ssl
9486. 2017-05-11T02:35:55Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
9487. 2017-05-11T02:35:55Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
9488. 2017-05-11T02:35:55Z DEBUG Starting external process
9489. 2017-05-11T02:35:55Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -R -s CN=ipa.rdlg.net,O=RDLG.NET -o /var/lib/ipa/ipa-m3fgLc/tmpcertreq -k rsa -g 2048 -z /etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt -a
9490. 2017-05-11T02:35:55Z DEBUG Process finished, return code=0
9491. 2017-05-11T02:35:55Z DEBUG stdout=
9492. 2017-05-11T02:35:55Z DEBUG stderr=
9493.  
9494. Generating key. This may take a few moments...
9495.  
9496.  
9497. 2017-05-11T02:35:55Z DEBUG request POST https://ipa.rdlg.net:8443/ca/ee/ca/profileSubmitSSLClient
9498. 2017-05-11T02:35:55Z DEBUG request body 'profileId=caIPAserviceCert&requestor_name=IPA+Installer&cert_request=MIICbzCCAVcCAQAwKjERMA8GA1UEChMIUkRMRy5ORVQxFTATBgNVBAMTDGlwYS5y%0D%0AZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOf3CmynQVHo%0D%0AOeJWCxBxxd0s1UmNMflddGAW4R7VWzPAmVBFNdFE7nSbqFisUdVASoTmxQaM3A1D%0D%0A6Pzh1Pc95ld0maf7vJg2MV%2FUYu9ekUtpPeGl2hQyAzGT%2ByyslwKOJPdDK5lC7%2Bhy%0D%0AIH%2FJR3c%2FwO7r3JwHm%2Fj0RbURlPiVkUbYSPYf3XftjagyeLEeFBayl%2BtXh4uPrwQE%0D%0Atx64AyRkoWgrNwnvyYm7nVvh6ef6wKi%2Fe53GiZL5tkUDqmWWNvH0CMq%2FLxibRFje%0D%0Ak31hLjk7wsV5wFmzKlZVX7piY4ldc3Fjf%2BtoAk4RBSj8w0f4yHSe1NDE7L5qviHb%0D%0AbYt11wfz9b0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAH1z8bOtgIub0uxaSV%0D%0AXVNrQpS0LGCHiX2stagaiAKcQ431tLVwrFOKA4DmS5HzSXKg6Rzo7xvwEYpq6FeZ%0D%0AflglrFvea%2FjUM8PI6lh90o4Cl7odtJANVxo2b1ix4xfsQjQoVtNH9JOqQTa%2BL3KO%0D%0AswIxJXctiHCz480g%2BA9q4%2FyYQdLdh9aP2PWBFMWkIfyIgweVNCxmCGmkcyZsq21G%0D%0A3mpPaV%2BXWpr%2BVkVScNaLmgUqnuBhOl7wkN3Qu5G%2BmHtfkrpChSskUeE6jpekXi8Z%0D%0AAq%2F2ez6uWkSCit9n33RJ4DlDjTradkjXmuOyYYrYUOAURmArpJSJScsPN0Hs3diK%0D%0A%2B96Z%0A&cert_request_type=pkcs10&xmlOutput=true'
9499. 2017-05-11T02:35:55Z DEBUG NSSConnection init ipa.rdlg.net
9500. 2017-05-11T02:35:55Z DEBUG Connecting: 172.20.0.200:0
9501. 2017-05-11T02:35:55Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
9502. 2017-05-11T02:35:55Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
9503. 2017-05-11T02:35:55Z DEBUG handshake complete, peer = 172.20.0.200:8443
9504. 2017-05-11T02:35:55Z DEBUG Protocol: TLS1.2
9505. 2017-05-11T02:35:55Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
9506. 2017-05-11T02:35:55Z DEBUG response status 200
9507. 2017-05-11T02:35:55Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:35:55 GMT', 'content-length': '1599', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
9508. 2017-05-11T02:35:55Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><Requests><Request><Id>9</Id><SubjectDN>CN=ipa.rdlg.net,O=RDLG.NET</SubjectDN><serialno>9</serialno><b64>MIID/jCCAuagAwIBAgIBCTANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExHLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAyMzU1NVoXDTE5MDUxMjAyMzU1NVowKjERMA8GA1UECgwIUkRMRy5ORVQxFTATBgNVBAMMDGlwYS5yZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOf3CmynQVHoOeJWCxBxxd0s1UmNMflddGAW4R7VWzPAmVBFNdFE7nSbqFisUdVASoTmxQaM3A1D6Pzh1Pc95ld0maf7vJg2MV/UYu9ekUtpPeGl2hQyAzGT+yyslwKOJPdDK5lC7+hyIH/JR3c/wO7r3JwHm/j0RbURlPiVkUbYSPYf3XftjagyeLEeFBayl+tXh4uPrwQEtx64AyRkoWgrNwnvyYm7nVvh6ef6wKi/e53GiZL5tkUDqmWWNvH0CMq/LxibRFjek31hLjk7wsV5wFmzKlZVX7piY4ldc3Fjf+toAk4RBSj8w0f4yHSe1NDE7L5qviHbbYt11wfz9b0CAwEAAaOCASQwggEgMB8GA1UdIwQYMBaAFMoUcnP4TmDj4h+ZfLwirZhDNd7zMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL2lwYS1jYS5yZGxnLm5ldC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwcwYDVR0fBGwwajBooDCgLoYsaHR0cDovL2lwYS1jYS5yZGxnLm5ldC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFCgX5aGyq1OOdV+Xm5P02A4icX0hMA0GCSqGSIb3DQEBCwUAA4IBAQCfMmA1pH82o8TTDmpMU0wYXm7/2IyLq54ZidGTa1pBQC57W9hTb2KkG2SjQutUmLLB21b88mXIbNSbvJpgSFlTpbaf2l+hRb3AQFdj3PTdHAOfC+/z5nPZwpf2PXfMKhfNSGZF3ACimY2HhcKOm/26oabERoVJzSFr5yTGI+HvARKc0IZ+cMP9tpGU+nTov3NsKq9SEg7gboJ81Zpo8ohFc67ZJqVFIytBowP0Gex1AS7xFU5zYJNTWtjF31XK9ejzY4mxfnR4JS+XMLO9N2819kNHUTuXuXsWYeUf5cInXHTjaDN+vIYV+5vv36TCzqibKMEOYPtsGDbpeM2QrSoT</b64></Request></Requests></XMLResponse>'
9509. 2017-05-11T02:35:55Z DEBUG Starting external process
9510. 2017-05-11T02:35:55Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -A -n Server-Cert -t u,u,u -i /var/lib/ipa/ipa-m3fgLc/tmpcert.der -f /etc/httpd/alias/pwdfile.txt
9511. 2017-05-11T02:35:56Z DEBUG Process finished, return code=0
9512. 2017-05-11T02:35:56Z DEBUG stdout=
9513. 2017-05-11T02:35:56Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
9514.  
9515. 2017-05-11T02:35:56Z DEBUG Starting external process
9516. 2017-05-11T02:35:56Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n Server-Cert -a
9517. 2017-05-11T02:35:56Z DEBUG Process finished, return code=0
9518. 2017-05-11T02:35:56Z DEBUG stdout=-----BEGIN CERTIFICATE-----
9519. MIID/jCCAuagAwIBAgIBCTANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
9520. Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
9521. MzU1NVoXDTE5MDUxMjAyMzU1NVowKjERMA8GA1UECgwIUkRMRy5ORVQxFTATBgNV
9522. BAMMDGlwYS5yZGxnLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
9523. AOf3CmynQVHoOeJWCxBxxd0s1UmNMflddGAW4R7VWzPAmVBFNdFE7nSbqFisUdVA
9524. SoTmxQaM3A1D6Pzh1Pc95ld0maf7vJg2MV/UYu9ekUtpPeGl2hQyAzGT+yyslwKO
9525. JPdDK5lC7+hyIH/JR3c/wO7r3JwHm/j0RbURlPiVkUbYSPYf3XftjagyeLEeFBay
9526. l+tXh4uPrwQEtx64AyRkoWgrNwnvyYm7nVvh6ef6wKi/e53GiZL5tkUDqmWWNvH0
9527. CMq/LxibRFjek31hLjk7wsV5wFmzKlZVX7piY4ldc3Fjf+toAk4RBSj8w0f4yHSe
9528. 1NDE7L5qviHbbYt11wfz9b0CAwEAAaOCASQwggEgMB8GA1UdIwQYMBaAFMoUcnP4
9529. TmDj4h+ZfLwirZhDNd7zMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0
9530. cDovL2lwYS1jYS5yZGxnLm5ldC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DAdBgNV
9531. HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwcwYDVR0fBGwwajBooDCgLoYsaHR0
9532. cDovL2lwYS1jYS5yZGxnLm5ldC9pcGEvY3JsL01hc3RlckNSTC5iaW6iNKQyMDAx
9533. DjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
9534. HQYDVR0OBBYEFCgX5aGyq1OOdV+Xm5P02A4icX0hMA0GCSqGSIb3DQEBCwUAA4IB
9535. AQCfMmA1pH82o8TTDmpMU0wYXm7/2IyLq54ZidGTa1pBQC57W9hTb2KkG2SjQutU
9536. mLLB21b88mXIbNSbvJpgSFlTpbaf2l+hRb3AQFdj3PTdHAOfC+/z5nPZwpf2PXfM
9537. KhfNSGZF3ACimY2HhcKOm/26oabERoVJzSFr5yTGI+HvARKc0IZ+cMP9tpGU+nTo
9538. v3NsKq9SEg7gboJ81Zpo8ohFc67ZJqVFIytBowP0Gex1AS7xFU5zYJNTWtjF31XK
9539. 9ejzY4mxfnR4JS+XMLO9N2819kNHUTuXuXsWYeUf5cInXHTjaDN+vIYV+5vv36TC
9540. zqibKMEOYPtsGDbpeM2QrSoT
9541. -----END CERTIFICATE-----
9542.  
9543. 2017-05-11T02:35:56Z DEBUG stderr=
9544. 2017-05-11T02:35:56Z DEBUG Starting external process
9545. 2017-05-11T02:35:56Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -R -s CN=Object Signing Cert,O=RDLG.NET -o /var/lib/ipa/ipa-m3fgLc/tmpcertreq -k rsa -g 2048 -z /etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt -a
9546. 2017-05-11T02:35:56Z DEBUG Process finished, return code=0
9547. 2017-05-11T02:35:56Z DEBUG stdout=
9548. 2017-05-11T02:35:56Z DEBUG stderr=
9549.  
9550. Generating key. This may take a few moments...
9551.  
9552.  
9553. 2017-05-11T02:35:56Z DEBUG request POST https://ipa.rdlg.net:8443/ca/ee/ca/profileSubmitSSLClient
9554. 2017-05-11T02:35:56Z DEBUG request body 'profileId=caJarSigningCert&requestor_name=IPA+Installer&cert_request=MIICdjCCAV4CAQAwMTERMA8GA1UEChMIUkRMRy5ORVQxHDAaBgNVBAMTE09iamVj%0D%0AdCBTaWduaW5nIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDw%0D%0AI5AOZ7FB%2FOYj9K4zfAohWZQINCBQlOIRva5Zv07d%2F7rhbefmeCXh0bL7es5tUOHp%0D%0AkCiY7C3ql9m%2Fyjxeys3YC%2FHBTSz%2B0KH8ZMEPszRFqj07x9bR0kwFFwBRz4nA5v4a%0D%0Aa%2B6zVLXdiG9rBG3dF7YwfXInQ3P1y32ldrDo1lPOnr7Byl9PWZrNQlKHQjXZN8qv%0D%0AM7xHcZQWSahyd0gOLGaoyGDt0opLXi49aWLePWGhJkBRtTXcZy9elBBaFZFXz4io%0D%0AqcWXyGXbQTZYVci9Vz1Sa0t7XzlLVEbu3ssom88W8eET%2FXjvJs5vAGB%2BBympU8Zr%0D%0AIc4afra7vN8NknUDRqE3AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAKxJFWbYR%0D%0AqGCP5%2BlxjyCZa7u6yiGmi0lMioP94HpKLnmL9Gi1%2F9s7q6iAq1LT8C6CH68pV22d%0D%0AqPDjsKpM6qpX%2BwybZi4mfMQNaLuj%2Fm2I%2FLA%2BGWP2vvSGPgAU76vXIGMUOSTdx9t1%0D%0AEwy9HgoRGUTf%2F5G%2BnkFoie%2Bn59kyn8WZSMVN%2BJcuFDyw1gZ21OG%2FuIbpo4fkQuBB%0D%0ATbByaP9lwWfxNjttlcMmOr2pGchZcPVu4QTlnJHfPi6N2DMcaxm%2BzO58uq6pFK4G%0D%0AJXCsK93RmVnj%2B3e1KANBPtUgF%2B6Mo6qxBWXby0n%2FIP7Se9M4jsZSinDsSmPl0u07%0D%0Aos7reNmMu3pPoQ%3D%3D%0A&cert_request_type=pkcs10&xmlOutput=true'
9555. 2017-05-11T02:35:56Z DEBUG NSSConnection init ipa.rdlg.net
9556. 2017-05-11T02:35:56Z DEBUG Connecting: 172.20.0.200:0
9557. 2017-05-11T02:35:56Z DEBUG approved_usage = SSL Server intended_usage = SSL Server
9558. 2017-05-11T02:35:56Z DEBUG cert valid True for "CN=ipa.rdlg.net,O=RDLG.NET"
9559. 2017-05-11T02:35:56Z DEBUG handshake complete, peer = 172.20.0.200:8443
9560. 2017-05-11T02:35:56Z DEBUG Protocol: TLS1.2
9561. 2017-05-11T02:35:56Z DEBUG Cipher: TLS_RSA_WITH_AES_256_CBC_SHA
9562. 2017-05-11T02:35:56Z DEBUG response status 200
9563. 2017-05-11T02:35:56Z DEBUG response headers {'date': 'Thu, 11 May 2017 02:35:55 GMT', 'content-length': '1275', 'content-type': 'application/xml', 'server': 'Apache-Coyote/1.1'}
9564. 2017-05-11T02:35:56Z DEBUG response body '<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><Status>0</Status><Requests><Request><Id>10</Id><SubjectDN>CN=Object Signing Cert,O=RDLG.NET</SubjectDN><serialno>a</serialno><b64>MIIDBDCCAeygAwIBAgIBCjANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExHLk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAyMzU1NloXDTIxMDUxMTAyMzU1NlowMTERMA8GA1UEChMIUkRMRy5ORVQxHDAaBgNVBAMTE09iamVjdCBTaWduaW5nIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwI5AOZ7FB/OYj9K4zfAohWZQINCBQlOIRva5Zv07d/7rhbefmeCXh0bL7es5tUOHpkCiY7C3ql9m/yjxeys3YC/HBTSz+0KH8ZMEPszRFqj07x9bR0kwFFwBRz4nA5v4aa+6zVLXdiG9rBG3dF7YwfXInQ3P1y32ldrDo1lPOnr7Byl9PWZrNQlKHQjXZN8qvM7xHcZQWSahyd0gOLGaoyGDt0opLXi49aWLePWGhJkBRtTXcZy9elBBaFZFXz4ioqcWXyGXbQTZYVci9Vz1Sa0t7XzlLVEbu3ssom88W8eET/XjvJs5vAGB+BympU8ZrIc4afra7vN8NknUDRqE3AgMBAAGjJTAjMA4GA1UdDwEB/wQEAwIChDARBglghkgBhvhCAQEEBAMCBBAwDQYJKoZIhvcNAQELBQADggEBAEU2FkOgL5VQ0A3p8mH85aUbk4/J9g50Kr+gp1OSgXZ+RuoB3iEEGDJXmoN0LSyOIsEmc8AAtAafjLPDYsz/gWy3Oj+r711Mld1eIqVbdy/l6kUx4ux+Y5QKrWRZC0/MVgV1u/BoC0hTE1Amg89SfyNy1rfaIZgHhd0/VKvqL0kxlPtfLp4JfwBC05xJsvJcU9dAHxa672krniTYDSOfpzmFBstR+QSqwZ6nA6ZGZRdvTIw1Oeh9JbjFouVJJ6Fwp+U0qM2HlIQ0jjIfh37m0enbpzjt9G6HUd6cmu6H73oOxlFjysxIhTXqHppy4wOOKYxF8+qM66XUgHnT1ePO68c=</b64></Request></Requests></XMLResponse>'
9565. 2017-05-11T02:35:56Z DEBUG Starting external process
9566. 2017-05-11T02:35:56Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -A -n Signing-Cert -t u,u,u -i /var/lib/ipa/ipa-m3fgLc/tmpcert.der -f /etc/httpd/alias/pwdfile.txt
9567. 2017-05-11T02:35:56Z DEBUG Process finished, return code=0
9568. 2017-05-11T02:35:56Z DEBUG stdout=
9569. 2017-05-11T02:35:56Z DEBUG stderr=Notice: Trust flag u is set automatically if the private key is present.
9570.  
9571. 2017-05-11T02:35:56Z DEBUG flushing ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket from SchemaCache
9572. 2017-05-11T02:35:56Z DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-RDLG-NET.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x2252560>
9573. 2017-05-11T02:35:57Z DEBUG Starting external process
9574. 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L
9575. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9576. 2017-05-11T02:35:57Z DEBUG stdout=
9577. Certificate Nickname Trust Attributes
9578. SSL,S/MIME,JAR/XPI
9579.  
9580. Signing-Cert u,u,u
9581. RDLG.NET IPA CA CT,C,C
9582. ipaCert u,u,u
9583. Server-Cert u,u,u
9584.  
9585. 2017-05-11T02:35:57Z DEBUG stderr=
9586. 2017-05-11T02:35:57Z DEBUG Starting external process
9587. 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -O -n Signing-Cert
9588. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9589. 2017-05-11T02:35:57Z DEBUG stdout="RDLG.NET IPA CA" [CN=Certificate Authority,O=RDLG.NET]
9590.  
9591. "Signing-Cert" [CN=Object Signing Cert,O=RDLG.NET]
9592.  
9593.  
9594. 2017-05-11T02:35:57Z DEBUG stderr=
9595. 2017-05-11T02:35:57Z DEBUG Starting external process
9596. 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L -n RDLG.NET IPA CA -a
9597. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9598. 2017-05-11T02:35:57Z DEBUG stdout=-----BEGIN CERTIFICATE-----
9599. MIIDgjCCAmqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMREwDwYDVQQKDAhSRExH
9600. Lk5FVDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE3MDUxMTAy
9601. Mjk1NloXDTM3MDUxMTAyMjk1NlowMzERMA8GA1UECgwIUkRMRy5ORVQxHjAcBgNV
9602. BAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEP
9603. ADCCAQoCggEBAL7p94qOWxiCMRT+Engmh3SKl6MFWOgXWnYfZYd8DikRR+Lhstl0
9604. LYHb9OEbJW7VjhHu6TYfAyunXx1i/FWbDQy+5H/qWUZDUPNeg6D7HsJOnWjEpWsf
9605. 0Y8IR4dqb0nsbvscGZOY6IfxWBvTcoUpb6fATZnjJYJEXKvbwk3Fnedb/yt3Xu4j
9606. mPa59Ey0M43q2oRtgwZKyxn2Jjqkoze27Q6sdvCeHOlFy3kX5tzoTtmQ1moZlkYY
9607. a5crBdiZjG+PIv3VocYU2RzA4/r08Cs173Qpe1TLou/4zJ4Ru7qq1gbWHIN0ZDXB
9608. eO/CGO4iutUTzFZmrKh/eGr5l1EAXEQry+0CAwEAAaOBoDCBnTAfBgNVHSMEGDAW
9609. gBTKFHJz+E5g4+IfmXy8Iq2YQzXe8zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
9610. /wQEAwIBxjAdBgNVHQ4EFgQUyhRyc/hOYOPiH5l8vCKtmEM13vMwOgYIKwYBBQUH
9611. AQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vaXBhLWNhLnJkbGcubmV0L2NhL29j
9612. c3AwDQYJKoZIhvcNAQELBQADggEBAAe2GwBcMyjzUn24OAMxBSDmJTr49ByS4+zu
9613. 7Y7gXVuS5lvMOm+DaM9UZXkQtvPwB3XtOrhX0USUhq1uhDuh2bYfkxKekGPWYyo0
9614. 1jDpvBp8IQaD9tcAJcc+KcAmdN2hV5r372xhWosMlT+gkqNm1tpQ15kzrHJHgGRy
9615. 243aRtXVr1RdTCNOm7Qplj5+xXtFyElcSFkrsqvoQrKnp0GY81zw6OmdQaC4GYAv
9616. uZazc5OlNNpGLDYtN5iT4VR4fIdYkfi174VtNlR1O9ZGZ+on863r9CTUhHmnzz5I
9617. /EfCR4uOA6jCe2XbGJMVhdZzMFWKH1ddo6WHyuzBQANOuqlAt5E=
9618. -----END CERTIFICATE-----
9619.  
9620. 2017-05-11T02:35:57Z DEBUG stderr=
9621. 2017-05-11T02:35:57Z DEBUG Starting external process
9622. 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/selinuxenabled
9623. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9624. 2017-05-11T02:35:57Z DEBUG stdout=
9625. 2017-05-11T02:35:57Z DEBUG stderr=
9626. 2017-05-11T02:35:57Z DEBUG Starting external process
9627. 2017-05-11T02:35:57Z DEBUG args=/sbin/restorecon /etc/httpd/alias/cert8.db
9628. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9629. 2017-05-11T02:35:57Z DEBUG stdout=
9630. 2017-05-11T02:35:57Z DEBUG stderr=
9631. 2017-05-11T02:35:57Z DEBUG Starting external process
9632. 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/selinuxenabled
9633. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9634. 2017-05-11T02:35:57Z DEBUG stdout=
9635. 2017-05-11T02:35:57Z DEBUG stderr=
9636. 2017-05-11T02:35:57Z DEBUG Starting external process
9637. 2017-05-11T02:35:57Z DEBUG args=/sbin/restorecon /etc/httpd/alias/key3.db
9638. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9639. 2017-05-11T02:35:57Z DEBUG stdout=
9640. 2017-05-11T02:35:57Z DEBUG stderr=
9641. 2017-05-11T02:35:57Z DEBUG duration: 1 seconds
9642. 2017-05-11T02:35:57Z DEBUG [11/21]: importing CA certificates from LDAP
9643. 2017-05-11T02:35:57Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
9644. 2017-05-11T02:35:57Z DEBUG Starting external process
9645. 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -A -n RDLG.NET IPA CA -t CT,C,C
9646. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9647. 2017-05-11T02:35:57Z DEBUG stdout=
9648. 2017-05-11T02:35:57Z DEBUG stderr=
9649. 2017-05-11T02:35:57Z DEBUG duration: 0 seconds
9650. 2017-05-11T02:35:57Z DEBUG [12/21]: setting up browser autoconfig
9651. 2017-05-11T02:35:57Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
9652. 2017-05-11T02:35:57Z DEBUG Starting external process
9653. 2017-05-11T02:35:57Z DEBUG args=/usr/bin/certutil -d /etc/httpd/alias -L
9654. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9655. 2017-05-11T02:35:57Z DEBUG stdout=
9656. Certificate Nickname Trust Attributes
9657. SSL,S/MIME,JAR/XPI
9658.  
9659. Signing-Cert u,u,u
9660. ipaCert u,u,u
9661. Server-Cert u,u,u
9662. RDLG.NET IPA CA CT,C,C
9663.  
9664. 2017-05-11T02:35:57Z DEBUG stderr=
9665. 2017-05-11T02:35:57Z DEBUG Starting external process
9666. 2017-05-11T02:35:57Z DEBUG args=/usr/bin/signtool -d /etc/httpd/alias -p 2320ee37e45f78b95550 -k Signing-Cert -p 2320ee37e45f78b95550 -X -Z /usr/share/ipa/html/kerberosauth.xpi /tmp/tmp-ObzLQE/ext
9667. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9668. 2017-05-11T02:35:57Z DEBUG stdout=Generating /tmp/tmp-ObzLQE/ext/META-INF/manifest.mf file..
9669. --> bootstrap.js
9670. --> chrome/content/kerberosauth.js
9671. --> chrome/content/kerberosauth_overlay.xul
9672. --> chrome.manifest
9673. --> install.rdf
9674. --> locale/en-US/kerberosauth.properties
9675. Generating zigbert.sf file..
9676. Creating XPI Compatible Archive
9677. adding /tmp/tmp-ObzLQE/ext/META-INF/zigbert.rsa to /usr/share/ipa/html/kerberosauth.xpi...(deflated 11%)
9678. --> bootstrap.js
9679. adding /tmp/tmp-ObzLQE/ext/bootstrap.js to /usr/share/ipa/html/kerberosauth.xpi...(deflated 67%)
9680. --> chrome/content/kerberosauth.js
9681. adding /tmp/tmp-ObzLQE/ext/chrome/content/kerberosauth.js to /usr/share/ipa/html/kerberosauth.xpi...(deflated 66%)
9682. --> chrome/content/kerberosauth_overlay.xul
9683. adding /tmp/tmp-ObzLQE/ext/chrome/content/kerberosauth_overlay.xul to /usr/share/ipa/html/kerberosauth.xpi...(deflated 34%)
9684. --> chrome.manifest
9685. adding /tmp/tmp-ObzLQE/ext/chrome.manifest to /usr/share/ipa/html/kerberosauth.xpi...(deflated 51%)
9686. --> install.rdf
9687. adding /tmp/tmp-ObzLQE/ext/install.rdf to /usr/share/ipa/html/kerberosauth.xpi...(deflated 55%)
9688. --> locale/en-US/kerberosauth.properties
9689. adding /tmp/tmp-ObzLQE/ext/locale/en-US/kerberosauth.properties to /usr/share/ipa/html/kerberosauth.xpi...(deflated 36%)
9690. adding /tmp/tmp-ObzLQE/ext/META-INF/manifest.mf to /usr/share/ipa/html/kerberosauth.xpi...(deflated 47%)
9691. adding /tmp/tmp-ObzLQE/ext/META-INF/zigbert.sf to /usr/share/ipa/html/kerberosauth.xpi...(deflated 48%)
9692. tree "/tmp/tmp-ObzLQE/ext" signed successfully
9693.  
9694. 2017-05-11T02:35:57Z DEBUG stderr=warning: password (-p) option specified more than once.
9695. Only last specification will be used.
9696.  
9697. 2017-05-11T02:35:57Z DEBUG duration: 0 seconds
9698. 2017-05-11T02:35:57Z DEBUG [13/21]: publish CA cert
9699. 2017-05-11T02:35:57Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
9700. 2017-05-11T02:35:57Z DEBUG duration: 0 seconds
9701. 2017-05-11T02:35:57Z DEBUG [14/21]: clean up any existing httpd ccache
9702. 2017-05-11T02:35:57Z DEBUG Starting external process
9703. 2017-05-11T02:35:57Z DEBUG args=/usr/bin/kdestroy -A
9704. 2017-05-11T02:35:57Z DEBUG runas=apache (UID 48, GID 48)
9705. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9706. 2017-05-11T02:35:57Z DEBUG stdout=
9707. 2017-05-11T02:35:57Z DEBUG stderr=
9708. 2017-05-11T02:35:57Z DEBUG duration: 0 seconds
9709. 2017-05-11T02:35:57Z DEBUG [15/21]: configuring SELinux for httpd
9710. 2017-05-11T02:35:57Z DEBUG Starting external process
9711. 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/selinuxenabled
9712. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9713. 2017-05-11T02:35:57Z DEBUG stdout=
9714. 2017-05-11T02:35:57Z DEBUG stderr=
9715. 2017-05-11T02:35:57Z DEBUG Starting external process
9716. 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/getsebool httpd_can_network_connect
9717. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9718. 2017-05-11T02:35:57Z DEBUG stdout=httpd_can_network_connect --> off
9719.  
9720. 2017-05-11T02:35:57Z DEBUG stderr=
9721. 2017-05-11T02:35:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9722. 2017-05-11T02:35:57Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9723. 2017-05-11T02:35:57Z DEBUG Starting external process
9724. 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/getsebool httpd_run_ipa
9725. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9726. 2017-05-11T02:35:57Z DEBUG stdout=httpd_run_ipa --> off
9727.  
9728. 2017-05-11T02:35:57Z DEBUG stderr=
9729. 2017-05-11T02:35:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9730. 2017-05-11T02:35:57Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9731. 2017-05-11T02:35:57Z DEBUG Starting external process
9732. 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/getsebool httpd_manage_ipa
9733. 2017-05-11T02:35:57Z DEBUG Process finished, return code=0
9734. 2017-05-11T02:35:57Z DEBUG stdout=httpd_manage_ipa --> off
9735.  
9736. 2017-05-11T02:35:57Z DEBUG stderr=
9737. 2017-05-11T02:35:57Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9738. 2017-05-11T02:35:57Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9739. 2017-05-11T02:35:57Z DEBUG Starting external process
9740. 2017-05-11T02:35:57Z DEBUG args=/usr/sbin/setsebool -P httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on
9741. 2017-05-11T02:35:59Z DEBUG Process finished, return code=0
9742. 2017-05-11T02:35:59Z DEBUG stdout=
9743. 2017-05-11T02:35:59Z DEBUG stderr=
9744. 2017-05-11T02:35:59Z DEBUG duration: 1 seconds
9745. 2017-05-11T02:35:59Z DEBUG [16/21]: create KDC proxy user
9746. 2017-05-11T02:35:59Z DEBUG Adding group kdcproxy
9747. 2017-05-11T02:35:59Z DEBUG Starting external process
9748. 2017-05-11T02:35:59Z DEBUG args=/usr/sbin/groupadd -r kdcproxy
9749. 2017-05-11T02:36:00Z DEBUG Process finished, return code=0
9750. 2017-05-11T02:36:00Z DEBUG stdout=
9751. 2017-05-11T02:36:00Z DEBUG stderr=
9752. 2017-05-11T02:36:00Z DEBUG Done adding group
9753. 2017-05-11T02:36:00Z DEBUG Adding user kdcproxy
9754. 2017-05-11T02:36:00Z DEBUG Starting external process
9755. 2017-05-11T02:36:00Z DEBUG args=/usr/sbin/useradd -g kdcproxy -d /var/lib/kdcproxy -s /sbin/nologin -r kdcproxy -c IPA KDC Proxy User -m
9756. 2017-05-11T02:36:00Z DEBUG Process finished, return code=0
9757. 2017-05-11T02:36:00Z DEBUG stdout=
9758. 2017-05-11T02:36:00Z DEBUG stderr=
9759. 2017-05-11T02:36:00Z DEBUG Done adding user
9760. 2017-05-11T02:36:00Z DEBUG duration: 1 seconds
9761. 2017-05-11T02:36:00Z DEBUG [17/21]: create KDC proxy config
9762. 2017-05-11T02:36:00Z DEBUG Backing up system configuration file '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf'
9763. 2017-05-11T02:36:00Z DEBUG -> Not backing up - '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' doesn't exist
9764. 2017-05-11T02:36:00Z DEBUG duration: 0 seconds
9765. 2017-05-11T02:36:00Z DEBUG [18/21]: enable KDC proxy
9766. 2017-05-11T02:36:00Z DEBUG service KDCPROXY enabled
9767. 2017-05-11T02:36:00Z DEBUG duration: 0 seconds
9768. 2017-05-11T02:36:00Z DEBUG [19/21]: restarting httpd
9769. 2017-05-11T02:36:00Z DEBUG Starting external process
9770. 2017-05-11T02:36:00Z DEBUG args=/bin/systemctl is-active httpd.service
9771. 2017-05-11T02:36:00Z DEBUG Process finished, return code=3
9772. 2017-05-11T02:36:00Z DEBUG stdout=unknown
9773.  
9774. 2017-05-11T02:36:00Z DEBUG stderr=
9775. 2017-05-11T02:36:00Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
9776. 2017-05-11T02:36:00Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
9777. 2017-05-11T02:36:00Z DEBUG Starting external process
9778. 2017-05-11T02:36:00Z DEBUG args=/bin/systemctl restart httpd.service
9779. 2017-05-11T02:36:00Z DEBUG Process finished, return code=1
9780. 2017-05-11T02:36:00Z DEBUG stdout=
9781. 2017-05-11T02:36:00Z DEBUG stderr=Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
9782.  
9783. 2017-05-11T02:36:01Z DEBUG Traceback (most recent call last):
9784. File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
9785. run_step(full_msg, method)
9786. File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
9787. method()
9788. File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 193, in __start
9789. self.restart()
9790. File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 349, in restart
9791. self.service.restart(instance_name, capture_output=capture_output, wait=wait)
9792. File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 301, in restart
9793. skip_output=not capture_output)
9794. File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 494, in run
9795. raise CalledProcessError(p.returncode, arg_string, str(output))
9796. CalledProcessError: Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
9797.  
9798. 2017-05-11T02:36:01Z DEBUG [error] CalledProcessError: Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
9799. 2017-05-11T02:36:01Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in execute
9800. return_value = self.run()
9801. File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 318, in run
9802. cfgr.run()
9803. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 310, in run
9804. self.execute()
9805. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 332, in execute
9806. for nothing in self._executor():
9807. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
9808. self._handle_exception(exc_info)
9809. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
9810. six.reraise(*exc_info)
9811. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
9812. step()
9813. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
9814. step = lambda: next(self.__gen)
9815. File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
9816. six.reraise(*exc_info)
9817. File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
9818. value = gen.send(prev_value)
9819. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 586, in _configure
9820. next(executor)
9821. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 372, in __runner
9822. self._handle_exception(exc_info)
9823. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 449, in _handle_exception
9824. self.__parent._handle_exception(exc_info)
9825. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
9826. six.reraise(*exc_info)
9827. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 446, in _handle_exception
9828. super(ComponentBase, self)._handle_exception(exc_info)
9829. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 394, in _handle_exception
9830. six.reraise(*exc_info)
9831. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 362, in __runner
9832. step()
9833. File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 359, in <lambda>
9834. step = lambda: next(self.__gen)
9835. File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
9836. six.reraise(*exc_info)
9837. File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
9838. value = gen.send(prev_value)
9839. File "/usr/lib/python2.7/site-packages/ipapython/install/common.py", line 63, in _install
9840. for nothing in self._installer(self.parent):
9841. File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1357, in main
9842. install(self)
9843. File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 267, in decorated
9844. func(installer)
9845. File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 830, in install
9846. ca_is_configured=setup_ca)
9847. File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 189, in create_instance
9848. self.start_creation(runtime=60)
9849. File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 449, in start_creation
9850. run_step(full_msg, method)
9851. File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 439, in run_step
9852. method()
9853. File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 193, in __start
9854. self.restart()
9855. File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 349, in restart
9856. self.service.restart(instance_name, capture_output=capture_output, wait=wait)
9857. File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 301, in restart
9858. skip_output=not capture_output)
9859. File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 494, in run
9860. raise CalledProcessError(p.returncode, arg_string, str(output))
9861.  
9862. 2017-05-11T02:36:01Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
9863. 2017-05-11T02:36:01Z ERROR Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
9864. 2017-05-11T02:36:01Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information