[Freeipa-users] Error on "Setting up Multi-Master Replication"
Fu-Jyh Luo
fujyhluo at yahoo.com
Thu Aug 20 14:04:23 UTC 2009
Hi Rob,
Thanks for your information. I did NOT have experience with IPA, but your information helped me to fix this issue. Here are the things I did.
# certutil -d . -L
Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI
CA certificate ,,
Server-Cert CTu,Cu,u
# slapd-SN-FDA-GOV]# certutil -d . -M -n "CA certificate" -t "CTu,u,Cu"
# certutil -d . -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Server-Cert CTu,Cu,u
CA certificate CT,,C
# /etc/init.d/dirsrv start
Starting dirsrv:
SN-FDA-GOV... [ OK ]
However, that was NOT good enough. I had to do it for /etc/httpd/alias as well.
# certutil -d /etc/httpd/alias/ -M -n "CA certificate" -t "CT,,C"
# certutil -d /etc/httpd/alias/ -M -n "Server-Cert" -t "u,u,u"
Thanks,
Fu
> Ok, there are 2 problems. The first is that an index
> already exists for some reason so creating the indices in
> the ldif is failing. Not a fatal issue really but looks like
> a bug.
>
> The bigger issue is that the PKCS#12 file for the DS that
> it is trying to load either doesn't contain the CA or isn't
> trusting it for some reason. Did you provide your own
> PKCS#12 files for IPA or are you using the default,
> self-signed CA?
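
The fix described in the message above can be checked without changing anything. This is an added example, not part of the original post or of FreeIPA: it reads `certutil -L` listing text and reports whether a CA nickname carries SSL trust. The function names are hypothetical, the sample listings are constructed from the output quoted in the post, and requiring both C and T is an assumption taken from the post's final "CT,,C" value.

```sh
#!/bin/sh
# Added example (not from the original post): audit NSS trust flags from
# `certutil -d DIR -L` listing text read on stdin.

# Print the trust string (SSL,S/MIME,JAR/XPI) for nickname $1; exit 1 if absent.
# Nicknames may contain spaces, so the trust string is the last field.
trust_flags() {
    awk -v nick="$1" '
        NF >= 2 {
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the trust column
            sub(/^[ \t]+/, "", name)
            if (name == nick) { print $NF; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# Succeed only if the SSL field (first of three) has both C and T, as in the
# "CT,,C" value the post ends up with. Requiring T is this example's assumption.
ca_trusted_for_ssl() {
    ssl=${1%%,*}
    case "$ssl" in *C*) ;; *) return 1 ;; esac
    case "$ssl" in *T*) ;; *) return 1 ;; esac
}

# Report "ok FLAGS", "untrusted FLAGS" or "missing" for CA nickname $1.
audit_ca() {
    flags=$(trust_flags "$1") || { echo "missing"; return 2; }
    if ca_trusted_for_ssl "$flags"; then
        echo "ok $flags"
    else
        echo "untrusted $flags"; return 1
    fi
}

# Sample listings constructed from the output quoted in the post.
BEFORE='Certificate Nickname          Trust Attributes
                              SSL,S/MIME,JAR/XPI

CA certificate                ,,
Server-Cert                   CTu,Cu,u'
AFTER='Server-Cert                   CTu,Cu,u
CA certificate                CT,,C'

printf '%s\n' "$BEFORE" | audit_ca "CA certificate" || true   # untrusted ,,
printf '%s\n' "$AFTER"  | audit_ca "CA certificate" || true   # ok CT,,C
# On a live host: certutil -d /etc/httpd/alias -L | audit_ca "CA certificate"
```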