[Freeipa-users] Cannot obtain CA Certificate

John Moyer john.moyer at digitalreasoning.com
Mon Feb 18 14:58:12 UTC 2013


Hello all, 

	I am having an issue using IPA 2.2.0. I am trying to put together a proof of concept set of systems. I've stood up 2 servers on AWS. One is the server, one is the client. I am using CentOS 6 to do all this testing on, with the default IPA packages provided from CentOS. I had a fully operational proof of concept finished, fully scripted to be built without issues. I shut down and started these as needed to show to people to get approval for the project. The other day the client stopped enrolling to the IPA server. I have no idea why; I assume a patch pushed out broke something, since it is a fully scripted install. It does get the most recent patches each time I stand it up, so it definitely would pull any new patches that came out.

	After investigating, I am getting this error when I try to manually enroll the client. I haven't been able to find any reference to this error anywhere on the net. Any help would be greatly appreciated! Let me know if any additional details are needed.


PLEASE NOTE:  Everything below has been sanitized 


[root@client ~]# ipa-client-install --domain=example.com --server=ipa1.example.com --realm=EXAMPLE.COM --configure-ssh --configure-sshd -p ipa-bind -w "blah" -U
DNS domain 'example.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname: client.ec2.internal
Realm: EXAMPLE.COM
DNS Domain: digitalreasoning.com
IPA Server: ipa1.example.com
BaseDN: dc=example,dc=com


Synchronizing time with KDC...

ipa         : ERROR    Cannot obtain CA certificate
'ldap://ipa1.example.com' doesn't have a certificate.
Installation failed. Rolling back changes.
IPA client is not configured on this system.

 
Thanks, 
_____________________________________________________
John Moyer

