[Freeipa-users] Replica setup fails to configure httpd correctly

Goff, Raal raal.goff at zettaserve.com
Tue Jun 28 07:44:28 UTC 2011 

Hi List,

I'm having trouble setting up an IPA replica. It seems to fail when configuring httpd:

Configuring the web interface: Estimated time 1 minute
  [1/11]: disabling mod_ssl in httpd
  [2/11]: setting mod_nss port to 443
  [3/11]: setting mod_nss password file
  [4/11]: adding URL rewriting rules
  [5/11]: configuring httpd
  [6/11]: setting up ssl
  [7/11]: publish CA cert
  [8/11]: creating a keytab for httpd
  [9/11]: configuring SELinux for httpd
  [10/11]: restarting httpd
creation of replica failed: Command '/sbin/service httpd restart ' returned non-zero exit status 1

Looking in /var/log/httpd/error_log gives:

[Tue Jun 28 14:50:35 2011] [error] Certificate not found: 'Server-Cert'

Running certutil i can see that the certificate exists in the NSS certificate directory:

[root at ipa2 conf.d]# certutil -d /etc/httpd/alias/ -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Server-Cert                                                  ,,
AUTH.EXAMPLE.COM<http://AUTH.EXAMPLE.COM> IPA CA                                   CT,C,

Looking at /etc/httpd/conf/password.conf , it seems that no password has been set:

[root at ipa2 alias]# cat /etc/httpd/conf/password.conf
internal:

Is there any known issue that would cause this to happen? It seems to be reason mod_nss cant load the certificate.


-R

________________________________
ZettaServe Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately if you have received this email by mistake and delete this email from your system. Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. ZettaServe Pty Ltd accepts no liability for any damage caused by any virus transmitted by this email.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110628/b91e41d0/attachment.htm>

More information about the Freeipa-users mailing list