<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
On 08/01/2011 03:19 PM, Rob Crittenden wrote:
<blockquote cite="mid:4E36FC4C.4030506@redhat.com" type="cite">Ade
Lee from the dogtag team looked at our installer and found that we
restarted the pki-cad process too many times. Re-arranging some
code allows us to restart it just once. The new config time for
dogtag is 3 1/2 minutes, down from about 5 1/2.
<br>
<br>
Ade is working on improvements in pki-silent as well which can
bring the overall install time to 90 seconds. If we can get a
change in SELinux policy we're looking at 60 seconds.
<br>
<br>
This patch just contains the reworked installer part. Once an
updated dogtag is released we can update the spec file to pull it
in.
<br>
<br>
rob
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote>
<br>
<br>
Something is wrong. When I installed this patch, the browser works
fine in a clean mode (never before initiailzied). Howevr, if the
browser already has a certificate from the server, in the past I was
able to go into Edit->preferences->advanced->Certificates,
and remove both the server and the CA certificate, and then restart
the browser. That does not work now. I just get the message<br>
<br>
Secure Connection Failed<br>
An error occurred during a connection to
server15.ayoung.boston.devel.redhat.com.<br>
<br>
You have received an invalid certificate. Please contact the server
administrator or email correspondent and give them the following
information:<br>
<br>
Your certificate contains the same serial number as another
certificate issued by the certificate authority. Please get a new
certificate containing a unique serial number.<br>
<br>
(Error code: sec_error_reused_issuer_and_serial) <br>
<br>
The page you are trying to view can not be shown because the
authenticity of the received data could not be verified.<br>
Please contact the web site owners to inform them of this problem.
Alternatively, use the command found in the help menu to report this
broken site.<br>
<br>
<br>
Restarting IPA made no difference. The browser does not provide a
lot of info in which to debug this.<br>
<br>
<br>
I'll try again with out the patch and see if there is a difference.<br>
<br>
</body>
</html>