[Freeipa-users] ipa-replica-prepare failed
Rob Crittenden
rcritten at redhat.com
Fri Feb 8 22:19:35 UTC 2013
James James wrote:
> OK .. but I have to put the pkc12 file in /etc/pki/nssdb ?
No. The PKCS#12 file that contains your server private key and cert
needs to also contain the CA that signed it.
rob
>
>
> 2013/2/8 Rob Crittenden <rcritten at redhat.com <mailto:rcritten at redhat.com>>
>
> James James wrote:
>
> Now on the replica server I've got this error :
> Run connection check to master
> Connection check OK
> Configuring ntpd
> [1/4]: stopping ntpd
> [2/4]: writing configuration
> [3/4]: configuring ntpd to start on boot
> [4/4]: starting ntpd
> done configuring ntpd.
> Configuring directory server: Estimated time 1 minute
> [1/30]: creating directory server user
> [2/30]: creating directory server instance
> [3/30]: adding default schema
> [4/30]: enabling memberof plugin
> [5/30]: enabling referential integrity plugin
> [6/30]: enabling winsync plugin
> [7/30]: configuring replication version plugin
> [8/30]: enabling IPA enrollment plugin
> [9/30]: enabling ldapi
> [10/30]: configuring uniqueness plugin
> [11/30]: configuring uuid plugin
> [12/30]: configuring modrdn plugin
> [13/30]: enabling entryUSN plugin
> [14/30]: configuring lockout plugin
> [15/30]: creating indices
> [16/30]: configuring ssl for ds instance
> creation of replica failed: Could not find a CA cert in
> /tmp/tmp21VpT8ipa/realm_info/__dscert.p12
>
> Your system may be partly configured.
> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>
>
> Where I have to put the CA certficate ?
>
>
> It needs to be in the PKCS#12 file.
>
> rob
>
>
More information about the Freeipa-users
mailing list