[Freeipa-users] While attempting to make a replica....I get this failure....

Steven Jones Steven.Jones at vuw.ac.nz
Mon Feb 28 19:41:02 UTC 2011 

===========

[root at fed14-64-ipam001 init.d]# certutil -L -d /etc/httpd/alias

Certificate Nickname                                         Trust
Attributes

SSL,S/MIME,JAR/XPI

Signing-Cert                                                 u,u,u
IPA.AC.NZ IPA CA                                             CT,C,C
ipaCert                                                      u,u,u
Server-Cert                                                  u,u,u
[root at fed14-64-ipam001 init.d]# 

===========

regards


On Mon, 2011-02-28 at 10:50 -0500, Rob Crittenden wrote:
> Steven Jones wrote:
> >
> > [root at fed14-64-ipam001 jonesst1]# ipa-replica-prepare
> > fed14-64-ipam002.ipa.ac.nz
> > Directory Manager (existing master) password:
> >
> > Preparing replica for fed14-64-ipam002.ipa.ac.nz from
> > fed14-64-ipam001.ipa.ac.nz
> > Creating SSL certificate for the Directory Server
> > ipa: INFO: sslget
> > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient'
> > Creating SSL certificate for the Web Server
> > ipa: INFO: sslget
> > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient'
> > preparation of replica failed: cannot connect to
> > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication.
> > cannot connect to
> > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication.
> >    File "/usr/sbin/ipa-replica-prepare", line 431, in<module>
> >      main()
> >
> >    File "/usr/sbin/ipa-replica-prepare", line 363, in main
> >      export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "httpcert",
> > replica_fqdn, subject_base)
> >
> >    File "/usr/sbin/ipa-replica-prepare", line 136, in export_certdb
> >      raise e
> >
> >
> > If I go to the URL I get,
> >
> > ================
> >
> > The Certificate System has encountered an unrecoverable error.
> >
> > Error Message:
> > java.lang.NullPointerException
> >
> > Please contact your local administrator for assistance.
> > ================
> >
> > ???
> >
> > regards
> 
> Can you provide the output of:
> 
> # certutil -L -d /etc/httpd/alias
> 
> During installation dogtag provides us with an RA agent certificate that 
> we use to communicate with the CA. This certificate should be stored in 
> /etc/httpd/alias.
> 
> rob

More information about the Freeipa-users mailing list