[Freeipa-users] ipa-replica-prepare failing
David Dejaeghere
david.dejaeghere at gmail.com
Mon Apr 20 12:17:07 UTC 2015
Hi,
Let me know how I can assist.
In the meantime could I setup a replica using a different certificate? Self
signed or anything like that?
Regards,
D
2015-04-17 15:27 GMT+02:00 Jan Cholasta <jcholast at redhat.com>:
> Hi,
>
> I don't have any new information. I'm trying to reproduce the problem but
> had no luck so far.
>
> Honza
>
> Dne 17.4.2015 v 15:23 David Dejaeghere napsal(a):
>
>> Hi,
>>
>> Any more things I can try out? How do we proceed?
>>
>> Kind Regards,
>>
>> D
>>
>> 2015-04-15 11:48 GMT+02:00 David Dejaeghere <david.dejaeghere at gmail.com
>> <mailto:david.dejaeghere at gmail.com>>:
>>
>> Hi Honza,
>>
>> That gave me the exact same output. Any ideas?
>>
>> Regards,
>>
>> D
>>
>> 2015-04-15 7:33 GMT+02:00 Jan Cholasta <jcholast at redhat.com
>> <mailto:jcholast at redhat.com>>:
>>
>> Hi,
>>
>> Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):
>>
>> David Dejaeghere wrote:
>>
>> Hi Rob,
>>
>> So you want to output of the command using pk12 with
>> server cert and
>> key? or with the ca chain in there too?
>>
>>
>> Oddly enough it is failing in exactly the same place. Those
>> GoDaddy CA
>> certs are still being loaded from somewhere, I'm not sure
>> where, and I
>> suspect that is the source of the problem.
>>
>>
>> They are in the default CA certificate bundle (in the
>> ca-certificate package). I guess NSS loads it automatically.
>>
>>
>> I'm going to forward the log to a colleague who has worked
>> on this code
>> more recently than I have. Maybe he will have an idea.
>>
>>
>> Could you try if the following works?
>>
>> # mv /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
>> /root/ca-bundle.trust.crt
>>
>> # update-ca-trust
>>
>> # ipa-replica-prepare ...
>>
>> # mv /root/ca-bundle.trust.crt
>> /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
>>
>> # update-ca-trust
>>
>>
>> rob
>>
>>
>> Honza
>>
>> --
>> Jan Cholasta
>>
>>
>>
>>
>
> --
> Jan Cholasta
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150420/1fd9c14e/attachment.htm>
More information about the Freeipa-users
mailing list