[Freeipa-devel] [PATCH] 843 reduce dogtag install time
Adam Young
ayoung at redhat.com
Tue Aug 2 03:03:05 UTC 2011
On 08/01/2011 10:26 PM, Adam Young wrote:
> On 08/01/2011 03:19 PM, Rob Crittenden wrote:
>> Ade Lee from the dogtag team looked at our installer and found that
>> we restarted the pki-cad process too many times. Re-arranging some
>> code allows us to restart it just once. The new config time for
>> dogtag is 3 1/2 minutes, down from about 5 1/2.
>>
>> Ade is working on improvements in pki-silent as well which can bring
>> the overall install time to 90 seconds. If we can get a change in
>> SELinux policy we're looking at 60 seconds.
>>
>> This patch just contains the reworked installer part. Once an updated
>> dogtag is released we can update the spec file to pull it in.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
Disregard: same thing seems to be happening without this patch.
>
> Something is wrong. When I installed this patch, the browser works
> fine in a clean mode (never before initiailzied). Howevr, if the
> browser already has a certificate from the server, in the past I was
> able to go into Edit->preferences->advanced->Certificates, and remove
> both the server and the CA certificate, and then restart the browser.
> That does not work now. I just get the message
>
> Secure Connection Failed
> An error occurred during a connection to
> server15.ayoung.boston.devel.redhat.com.
>
> You have received an invalid certificate. Please contact the server
> administrator or email correspondent and give them the following
> information:
>
> Your certificate contains the same serial number as another
> certificate issued by the certificate authority. Please get a new
> certificate containing a unique serial number.
>
> (Error code: sec_error_reused_issuer_and_serial)
>
> The page you are trying to view can not be shown because the
> authenticity of the received data could not be verified.
> Please contact the web site owners to inform them of this problem.
> Alternatively, use the command found in the help menu to report this
> broken site.
>
>
> Restarting IPA made no difference. The browser does not provide a lot
> of info in which to debug this.
>
>
> I'll try again with out the patch and see if there is a difference.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110801/52d86229/attachment.htm>
More information about the Freeipa-devel
mailing list