<div dir="ltr"><div><div><div>Hi,<br><br>Let me know how I can assist.  <br></div>In the meantime could I setup a replica using a different certificate? Self signed or anything like that?<br><br></div>Regards,<br><br></div>D<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-17 15:27 GMT+02:00 Jan Cholasta <span dir="ltr"><<a href="mailto:jcholast@redhat.com" target="_blank">jcholast@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I don't have any new information. I'm trying to reproduce the problem but had no luck so far.<br>
<br>
Honza<br>
<br>
Dne 17.4.2015 v 15:23 David Dejaeghere napsal(a):<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Hi,<br>
<br>
Any more things I can try out? How do we proceed?<br>
<br>
Kind Regards,<br>
<br>
D<br>
<br>
2015-04-15 11:48 GMT+02:00 David Dejaeghere <<a href="mailto:david.dejaeghere@gmail.com" target="_blank">david.dejaeghere@gmail.com</a><br></span>
<mailto:<a href="mailto:david.dejaeghere@gmail.com" target="_blank">david.dejaeghere@gmail.com</a>>>:<span class=""><br>
<br>
    Hi Honza,<br>
<br>
    That gave me the exact same output.  Any ideas?<br>
<br>
    Regards,<br>
<br>
    D<br>
<br>
    2015-04-15 7:33 GMT+02:00 Jan Cholasta <<a href="mailto:jcholast@redhat.com" target="_blank">jcholast@redhat.com</a><br></span>
    <mailto:<a href="mailto:jcholast@redhat.com" target="_blank">jcholast@redhat.com</a>>>:<span class=""><br>
<br>
        Hi,<br>
<br>
        Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):<br>
<br>
            David Dejaeghere wrote:<br>
<br>
                Hi Rob,<br>
<br>
                So you want to output of the command using pk12 with<br>
                server cert and<br>
                key? or with the ca chain in there too?<br>
<br>
<br>
            Oddly enough it is failing in exactly the same place. Those<br>
            GoDaddy CA<br>
            certs are still being loaded from somewhere, I'm not sure<br>
            where, and I<br>
            suspect that is the source of the problem.<br>
<br>
<br>
        They are in the default CA certificate bundle (in the<br>
        ca-certificate package). I guess NSS loads it automatically.<br>
<br>
<br>
            I'm going to forward the log to a colleague who has worked<br>
            on this code<br>
            more recently than I have. Maybe he will have an idea.<br>
<br>
<br>
        Could you try if the following works?<br>
<br></span>
             # mv /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt<span class=""><br>
        /root/ca-bundle.trust.crt<br>
<br>
             # update-ca-trust<br>
<br>
             # ipa-replica-prepare ...<br>
<br>
             # mv /root/ca-bundle.trust.crt<br></span>
        /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt<span class=""><br>
<br>
             # update-ca-trust<br>
<br>
<br>
            rob<br>
<br>
<br>
        Honza<br>
<br>
        --<br>
        Jan Cholasta<br>
<br>
<br>
<br>
</span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<br>
-- <br>
Jan Cholasta<br>
</font></span></blockquote></div><br></div>