[Freeipa-users] While attempting to make a replica....I get this failure....
Steven Jones
Steven.Jones at vuw.ac.nz
Mon Feb 28 19:41:02 UTC 2011
===========
[root@fed14-64-ipam001 init.d]# certutil -L -d /etc/httpd/alias

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Signing-Cert                                                 u,u,u
IPA.AC.NZ IPA CA                                             CT,C,C
ipaCert                                                      u,u,u
Server-Cert                                                  u,u,u
[root@fed14-64-ipam001 init.d]#
===========
regards
On Mon, 2011-02-28 at 10:50 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> >
> > [root@fed14-64-ipam001 jonesst1]# ipa-replica-prepare fed14-64-ipam002.ipa.ac.nz
> > Directory Manager (existing master) password:
> >
> > Preparing replica for fed14-64-ipam002.ipa.ac.nz from
> > fed14-64-ipam001.ipa.ac.nz
> > Creating SSL certificate for the Directory Server
> > ipa: INFO: sslget
> > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient'
> > Creating SSL certificate for the Web Server
> > ipa: INFO: sslget
> > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient'
> > preparation of replica failed: cannot connect to
> > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication.
> > cannot connect to
> > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication.
> > File "/usr/sbin/ipa-replica-prepare", line 431, in <module>
> > main()
> >
> > File "/usr/sbin/ipa-replica-prepare", line 363, in main
> > export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "httpcert",
> > replica_fqdn, subject_base)
> >
> > File "/usr/sbin/ipa-replica-prepare", line 136, in export_certdb
> > raise e
> >
> >
> > If I go to the URL I get,
> >
> > ================
> >
> > The Certificate System has encountered an unrecoverable error.
> >
> > Error Message:
> > java.lang.NullPointerException
> >
> > Please contact your local administrator for assistance.
> > ================
> >
> > ???
> >
> > regards
>
> Can you provide the output of:
>
> # certutil -L -d /etc/httpd/alias
>
> During installation dogtag provides us with an RA agent certificate that
> we use to communicate with the CA. This certificate should be stored in
> /etc/httpd/alias.
>
> rob
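
The check Rob asks for, as an added example that is not part of the original thread or of FreeIPA: it parses a `certutil -L` listing and reports whether a nickname is present with a "u" flag in its SSL trust field, which NSS shows only when the database also holds the matching private key. It assumes the RA agent certificate is the `ipaCert` entry shown in the listing above; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `certutil -L -d <dir>` output on stdin and reports
# whether nickname $1 is usable as a TLS client certificate.
# Exit status: 0 = listed with "u" in the SSL trust field (private key present),
#              1 = listed but without "u", 2 = not listed.
has_user_cert() {
    awk -v nick="$1" '
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the trust column
            sub(/^[ \t]+/, "", name)                # drop leading blanks
            if (name == nick) {
                found = 1
                split($NF, t, ",")                  # t[1] is the SSL field
                if (t[1] ~ /u/) ok = 1
            }
        }
        END { exit (ok ? 0 : (found ? 1 : 2)) }'
}

# Constructed sample listing, modelled on the output posted in this thread.
sample_listing() {
    cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Signing-Cert                                                 u,u,u
IPA.AC.NZ IPA CA                                             CT,C,C
ipaCert                                                      u,u,u
Server-Cert                                                  u,u,u
EOF
}

# Report on the nicknames relevant to the CA connection.
for nick in "ipaCert" "IPA.AC.NZ IPA CA" "missing-cert"; do
    rc=0
    sample_listing | has_user_cert "$nick" || rc=$?
    case $rc in
        0) echo "$nick: present with private key" ;;
        1) echo "$nick: present, no private key (trust anchor only)" ;;
        *) echo "$nick: not in database" ;;
    esac
done
```

On a live host the listing would come from `certutil -L -d /etc/httpd/alias | has_user_cert ipaCert`.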