[Freeipa-users] ipa-replica-prepare failed
Rob Crittenden
rcritten at redhat.com
Fri Feb 8 04:08:45 UTC 2013
James James wrote:
> Hi,
> today I wanted to install a ipa replica. When I used the
> ipa-replica-prepare command, I've got this error :
>
> [root at ipa ~]# ipa-replica-prepare ipa2-example.com <http://ipa2-example.com>
> Directory Manager (existing master) password:
>
> Preparing replica for ipa-EXAMPLE.COM from ipa.EXAMPLE.COM
> <http://ipa.EXAMPLE.COM>
> Creating SSL certificate for the Directory Server
> certutil: could not find certificate named "CN=EXAMPLE.COM
> <http://EXAMPLE.COM> Certificate Authority": security library: bad database.
> certutil: unable to create cert (security library: bad database.)
> preparation of replica failed: Command '/usr/bin/certutil -d
> /tmp/tmpoUpN72ipa/realm_info -A -n Server-Cert -t u,u,u -i
> /var/lib/ipa/ipa-6qKbha/tmpcert.der -f
> /tmp/tmpoUpN72ipa/realm_info/pwdfile.txt' returned non-zero exit status 255
> Command '/usr/bin/certutil -d /tmp/tmpoUpN72ipa/realm_info -A -n
> Server-Cert -t u,u,u -i /var/lib/ipa/ipa-6qKbha/tmpcert.der -f
> /tmp/tmpoUpN72ipa/realm_info/pwdfile.txt' returned non-zero exit status 255
> File "/usr/sbin/ipa-replica-prepare", line 459, in <module>
> main()
>
> File "/usr/sbin/ipa-replica-prepare", line 345, in main
> export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert",
> replica_fqdn, subject_base)
>
> File "/usr/sbin/ipa-replica-prepare", line 143, in export_certdb
> raise e
>
>
> I have a certificate generated by a custom certificate authority in the
> ipa server.
Need more information on your installation. What version of IPA, what
distro?
Did you use ipa-server-certinstall to replace the default IPA certs?
rob
More information about the Freeipa-users
mailing list