[Freeipa-devel] [PATCH] 843 reduce dogtag install time

Adam Young ayoung at redhat.com
Tue Aug 2 02:26:35 UTC 2011 

On 08/01/2011 03:19 PM, Rob Crittenden wrote:
> Ade Lee from the dogtag team looked at our installer and found that we 
> restarted the pki-cad process too many times. Re-arranging some code 
> allows us to restart it just once. The new config time for dogtag is 3 
> 1/2 minutes, down from about 5 1/2.
>
> Ade is working on improvements in pki-silent as well which can bring 
> the overall install time to 90 seconds. If we can get a change in 
> SELinux policy we're looking at 60 seconds.
>
> This patch just contains the reworked installer part. Once an updated 
> dogtag is released we can update the spec file to pull it in.
>
> rob
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel


Something is wrong.  When I installed this patch, the browser works fine 
in a clean mode (never before initiailzied).  Howevr, if the browser 
already has a certificate from the server, in the past I was able to go 
into  Edit->preferences->advanced->Certificates, and remove both the 
server and the CA certificate, and then restart the browser.  That does 
not work now.  I just get the message

Secure Connection Failed
         An error occurred during a connection to 
server15.ayoung.boston.devel.redhat.com.

You have received an invalid certificate.  Please contact the server 
administrator or email correspondent and give them the following 
information:

Your certificate contains the same serial number as another certificate 
issued by the certificate authority.  Please get a new certificate 
containing a unique serial number.

(Error code: sec_error_reused_issuer_and_serial)

   The page you are trying to view can not be shown because the 
authenticity of the received data could not be verified.
   Please contact the web site owners to inform them of this problem. 
Alternatively, use the command found in the help menu to report this 
broken site.


Restarting IPA made no difference.  The browser does not provide a lot 
of info in which to debug this.


I'll try again with out the patch and see if there is a difference.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110801/02ff47e5/attachment.htm>

More information about the Freeipa-devel mailing list