[Freeipa-users] ipa-replica-prepare failed

James James jreg2k at gmail.com
Fri Feb 8 10:58:29 UTC 2013


I had to set the --dirsrv_pkcs12, --dirsrv_pin, --http_pkcs12, --http_pin
and the ipa-replica-prepare command runs without failure.

Thanks for your help.


2013/2/8 James James <jreg2k at gmail.com>

> My ipa version is ipa-server-2.2.0-17.el6_3.1.x86_64 and the distro is
> Scientific Linux 6.3.  I have used ipa-server-certinstall to replace the
> default IPA certs.
>
>
>
>
> 2013/2/8 Rob Crittenden <rcritten at redhat.com>
>
>> James James wrote:
>>
>>> Hi,
>>> today I wanted to install an IPA replica. When I used the
>>> ipa-replica-prepare command, I got this error:
>>>
>>> [root at ipa ~]# ipa-replica-prepare ipa2-example.com
>>>
>>> Directory Manager (existing master) password:
>>>
>>> Preparing replica for ipa-EXAMPLE.COM from ipa.EXAMPLE.COM
>>>
>>> Creating SSL certificate for the Directory Server
>>> certutil: could not find certificate named "CN=EXAMPLE.COM
>>> Certificate Authority": security library: bad database.
>>>
>>> certutil: unable to create cert (security library: bad database.)
>>> preparation of replica failed: Command '/usr/bin/certutil -d
>>> /tmp/tmpoUpN72ipa/realm_info -A -n Server-Cert -t u,u,u -i
>>> /var/lib/ipa/ipa-6qKbha/tmpcert.der -f
>>> /tmp/tmpoUpN72ipa/realm_info/pwdfile.txt' returned non-zero exit
>>> status 255
>>> Command '/usr/bin/certutil -d /tmp/tmpoUpN72ipa/realm_info -A -n
>>> Server-Cert -t u,u,u -i /var/lib/ipa/ipa-6qKbha/tmpcert.der -f
>>> /tmp/tmpoUpN72ipa/realm_info/pwdfile.txt' returned non-zero exit
>>> status 255
>>>    File "/usr/sbin/ipa-replica-prepare", line 459, in <module>
>>>      main()
>>>
>>>    File "/usr/sbin/ipa-replica-prepare", line 345, in main
>>>      export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert",
>>> replica_fqdn, subject_base)
>>>
>>>    File "/usr/sbin/ipa-replica-prepare", line 143, in export_certdb
>>>      raise e
>>>
>>>
>>> I have a certificate generated by a custom certificate authority in the
>>> ipa server.
>>>
>>
>> Need more information on your installation. What version of IPA, what
>> distro?
>>
>> Did you use ipa-server-certinstall to replace the default IPA certs?
>>
>> rob
>>
>>
>