[Freeipa-devel] [freeipa PR#721][comment] Fix RA cert import during DL0 replication
HonzaCholasta
freeipa-github-notification at redhat.com
Wed Apr 19 11:32:54 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/721
Title: #721: Fix RA cert import during DL0 replication
HonzaCholasta commented:
"""
`ipa-replica-install` fails for me:
```
[2/2]: importing RA certificate from PKCS #12 file
[error] CalledProcessError: Command '/usr/bin/openssl pkcs12 -in /tmp/tmpPLwmXjipa/realm_info/ra.p12 -nocerts -nodes -out /var/lib/ipa/ra-agent.key -passin file:/tmp/tmpuzigru' returned non-zero exit status 1
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Command '/usr/bin/openssl pkcs12 -in /tmp/tmpPLwmXjipa/realm_info/ra.p12 -nocerts -nodes -out /var/lib/ipa/ra-agent.key -passin file:/tmp/tmpuzigru' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
```
`ipareplica-install.log` says:
```
2017-04-19T11:28:53Z DEBUG [2/2]: importing RA certificate from PKCS #12 file
2017-04-19T11:28:53Z DEBUG Starting external process
2017-04-19T11:28:53Z DEBUG args=/usr/bin/openssl pkcs12 -in /tmp/tmpPLwmXjipa/realm_info/ra.p12 -nocerts -nodes -out /var/lib/ipa/ra-agent.key -passin file:/tmp/tmpuzigru
2017-04-19T11:28:53Z DEBUG Process finished, return code=1
2017-04-19T11:28:53Z DEBUG stdout=
2017-04-19T11:28:53Z DEBUG stderr=Mac verify error: invalid password?
```
🤷
"""
See the full comment at https://github.com/freeipa/freeipa/pull/721#issuecomment-295230168
More information about the Freeipa-devel
mailing list