<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 06/21/2016 01:03 PM, Endi Sukma
      Dewata wrote:<br>
    </div>
    <blockquote
      cite="mid:8fc52c84-c6dc-309c-6aac-cb3f8a6f3bd6@redhat.com"
      type="cite">The pki pkcs12-import CLI has been modified not to
      import
      <br>
      certificates that already exist in the NSS database unless
      <br>
      specifically requested with the --overwrite parameter. This
      <br>
      will avoid changing the trust flags of the CA signing
      <br>
      certificate during KRA cloning.
      <br>
      <br>
      The some other classes have been modified to provide better
      <br>
      debugging information.
      <br>
      <br>
      <a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/2374">https://fedorahosted.org/pki/ticket/2374</a>
      <br>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
    </blockquote>
    Ran the following test:<br>
    <blockquote>
      <div class="change" id="trac-change-2">
        <div class="comment searchable">
          <p>
            Steps to reproduce:
          </p>
          <ol>
            <li>Install CA and KRA on master:
            </li>
          </ol>
          <pre class="wiki">$ ipa-server-install -U -r EXAMPLE.COM -p Secret123 -a Secret123
$ ipa-kra-install -p Secret123
</pre>
          <ol start="2">
            <li>Install CA and KRA on replica:
            </li>
          </ol>
          <pre class="wiki">$ ipa-client-install -U --server server.example.com --domain example.com \
  --realm EXAMPLE.COM -p admin -w Secret123
$ echo Secret123 | kinit admin
$ ipa-replica-install -U --setup-ca -p Secret123 -w Secret123
$ ipa-kra-install -p Secret123
</pre>
          <p>
            Actual result: Success! The KRA installation on replica
            succeeded!<br>
          </p>
        </div>
      </div>
    </blockquote>
    ACK
    <div class="change" id="trac-change-2">
      <div class="comment searchable">
        <p><br>
        </p>
      </div>
    </div>
    <blockquote>
      <div class="change" id="trac-change-2">
        <div class="comment searchable">
          <p> </p>
        </div>
      </div>
    </blockquote>
  </body>
</html>