[Freeipa-devel] [PATCH] 843 reduce dogtag install time
Petr Vobornik
pvoborni at redhat.com
Wed Aug 3 07:02:40 UTC 2011
On Mon, 2011-08-01 at 23:03 -0400, Adam Young wrote:
> On 08/01/2011 10:26 PM, Adam Young wrote:
> > On 08/01/2011 03:19 PM, Rob Crittenden wrote:
> > > Ade Lee from the dogtag team looked at our installer and found
> > > that we restarted the pki-cad process too many times. Re-arranging
> > > some code allows us to restart it just once. The new config time
> > > for dogtag is 3 1/2 minutes, down from about 5 1/2.
> > >
> > > Ade is working on improvements in pki-silent as well which can
> > > bring the overall install time to 90 seconds. If we can get a
> > > change in SELinux policy we're looking at 60 seconds.
> > >
> > > This patch just contains the reworked installer part. Once an
> > > updated dogtag is released we can update the spec file to pull it
> > > in.
> > >
> > > rob
> > >
> > > _______________________________________________
> > > Freeipa-devel mailing list
> > > Freeipa-devel at redhat.com
> > > https://www.redhat.com/mailman/listinfo/freeipa-devel
> >
>
> Disregard: same thing seems to be happening without this patch.
>
> >
> > Something is wrong. When I installed this patch, the browser works
> > fine in a clean mode (never before initiailzied). Howevr, if the
> > browser already has a certificate from the server, in the past I was
> > able to go into Edit->preferences->advanced->Certificates, and
> > remove both the server and the CA certificate, and then restart the
> > browser. That does not work now. I just get the message
> >
> > Secure Connection Failed
> > An error occurred during a connection to
> > server15.ayoung.boston.devel.redhat.com.
> >
> > You have received an invalid certificate. Please contact the server
> > administrator or email correspondent and give them the following
> > information:
> >
> > Your certificate contains the same serial number as another
> > certificate issued by the certificate authority. Please get a new
> > certificate containing a unique serial number.
> >
> > (Error code: sec_error_reused_issuer_and_serial)
> >
> > The page you are trying to view can not be shown because the
> > authenticity of the received data could not be verified.
> > Please contact the web site owners to inform them of this problem.
> > Alternatively, use the command found in the help menu to report this
> > broken site.
> >
> >
> > Restarting IPA made no difference. The browser does not provide a
> > lot of info in which to debug this.
> >
> >
> > I'll try again with out the patch and see if there is a difference.
> >
In Firefox 5 I also have to clear browser cache along with removing
certificates to get rid of 'sec_error_reused_issuer_and_serial'.
Petr
More information about the Freeipa-devel
mailing list