[Freeipa-devel] [PATCH] 843 reduce dogtag install time

Adam Young ayoung at redhat.com
Tue Aug 2 03:03:05 UTC 2011 

On 08/01/2011 10:26 PM, Adam Young wrote:
> On 08/01/2011 03:19 PM, Rob Crittenden wrote:
>> Ade Lee from the dogtag team looked at our installer and found that 
>> we restarted the pki-cad process too many times. Re-arranging some 
>> code allows us to restart it just once. The new config time for 
>> dogtag is 3 1/2 minutes, down from about 5 1/2.
>>
>> Ade is working on improvements in pki-silent as well which can bring 
>> the overall install time to 90 seconds. If we can get a change in 
>> SELinux policy we're looking at 60 seconds.
>>
>> This patch just contains the reworked installer part. Once an updated 
>> dogtag is released we can update the spec file to pull it in.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>

Disregard:  same thing seems to be happening without this patch.

>
> Something is wrong.  When I installed this patch, the browser works 
> fine in a clean mode (never before initiailzied).  Howevr, if the 
> browser already has a certificate from the server, in the past I was 
> able to go into  Edit->preferences->advanced->Certificates, and remove 
> both the server and the CA certificate, and then restart the browser.  
> That does not work now.  I just get the message
>
> Secure Connection Failed
>         An error occurred during a connection to 
> server15.ayoung.boston.devel.redhat.com.
>
> You have received an invalid certificate.  Please contact the server 
> administrator or email correspondent and give them the following 
> information:
>
> Your certificate contains the same serial number as another 
> certificate issued by the certificate authority.  Please get a new 
> certificate containing a unique serial number.
>
> (Error code: sec_error_reused_issuer_and_serial)
>
>   The page you are trying to view can not be shown because the 
> authenticity of the received data could not be verified.
>   Please contact the web site owners to inform them of this problem. 
> Alternatively, use the command found in the help menu to report this 
> broken site.
>
>
> Restarting IPA made no difference.  The browser does not provide a lot 
> of info in which to debug this.
>
>
> I'll try again with out the patch and see if there is a difference.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110801/52d86229/attachment.htm>

More information about the Freeipa-devel mailing list