[Freeipa-users] Can't create replica with promoted master server
Thomas,Dave
d.Thomas at colostate.edu
Wed Jun 10 20:20:22 UTC 2009
Hi,
I'm having trouble setting up replication after I promoted a replica to be the master. I followed the instructions here: https://bugzilla.redhat.com/show_bug.cgi?id=486950, but to import the certificate I had to use the following command inside /etc/dirsrv/slapd-REALM:
# pk12util -i ~/cacert.p12 -k pwdfile.txt -w ~/pwdfile.txt -d .
(~/cacert.p12 and ~/pwdfile.txt are both from the old master server.)
Then I deleted the replication agreement and turned off the old master.
The new master seems to be working fine, but when I try to set up a new replica, I get the following message:
[12/17]: restarting directory server
root : CRITICAL Failed to restart the directory server. See the installation log for details.
ipareplica-install.log says this:
2009-06-10 14:01:37,212 INFO [10/Jun/2009:14:01:27 -0600] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - Peer's Certificate issuer is not recognized.)
[10/Jun/2009:14:01:27 -0600] - SSL failure: None of the cipher are valid
The new master server is running Fedora 10, and the new replica has Fedora 11.
I don't know much about SSL, so at this point, I'm not sure what to do.
Thanks,
Dave