[Freeipa-users] ipa-replica-prepare failing

David Dejaeghere david.dejaeghere at gmail.com
Mon Apr 20 12:17:07 UTC 2015 

Hi,

Let me know how I can assist.
In the meantime could I setup a replica using a different certificate? Self
signed or anything like that?

Regards,

D

2015-04-17 15:27 GMT+02:00 Jan Cholasta <jcholast at redhat.com>:

> Hi,
>
> I don't have any new information. I'm trying to reproduce the problem but
> had no luck so far.
>
> Honza
>
> Dne 17.4.2015 v 15:23 David Dejaeghere napsal(a):
>
>> Hi,
>>
>> Any more things I can try out? How do we proceed?
>>
>> Kind Regards,
>>
>> D
>>
>> 2015-04-15 11:48 GMT+02:00 David Dejaeghere <david.dejaeghere at gmail.com
>> <mailto:david.dejaeghere at gmail.com>>:
>>
>>     Hi Honza,
>>
>>     That gave me the exact same output.  Any ideas?
>>
>>     Regards,
>>
>>     D
>>
>>     2015-04-15 7:33 GMT+02:00 Jan Cholasta <jcholast at redhat.com
>>     <mailto:jcholast at redhat.com>>:
>>
>>         Hi,
>>
>>         Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):
>>
>>             David Dejaeghere wrote:
>>
>>                 Hi Rob,
>>
>>                 So you want to output of the command using pk12 with
>>                 server cert and
>>                 key? or with the ca chain in there too?
>>
>>
>>             Oddly enough it is failing in exactly the same place. Those
>>             GoDaddy CA
>>             certs are still being loaded from somewhere, I'm not sure
>>             where, and I
>>             suspect that is the source of the problem.
>>
>>
>>         They are in the default CA certificate bundle (in the
>>         ca-certificate package). I guess NSS loads it automatically.
>>
>>
>>             I'm going to forward the log to a colleague who has worked
>>             on this code
>>             more recently than I have. Maybe he will have an idea.
>>
>>
>>         Could you try if the following works?
>>
>>              # mv /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
>>         /root/ca-bundle.trust.crt
>>
>>              # update-ca-trust
>>
>>              # ipa-replica-prepare ...
>>
>>              # mv /root/ca-bundle.trust.crt
>>         /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
>>
>>              # update-ca-trust
>>
>>
>>             rob
>>
>>
>>         Honza
>>
>>         --
>>         Jan Cholasta
>>
>>
>>
>>
>
> --
> Jan Cholasta
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150420/1fd9c14e/attachment.htm>

More information about the Freeipa-users mailing list