[Freeipa-users] ipa-replica-prepare failed

James James jreg2k at gmail.com
Sat Feb 9 16:14:05 UTC 2013 

Maybe I am stupid or tired (or both ..) but I  have tried many thing to
include the ca cert, the ipa key and pem file in a single pkcs12 file but I
am still stucked.

Can you give me a more detailled help ?


2013/2/8 Rob Crittenden <rcritten at redhat.com>

> James James wrote:
>
>> OK .. but I have to put the pkc12 file in /etc/pki/nssdb ?
>>
>
> No. The PKCS#12 file that contains your server private key and cert needs
> to also contain the CA that signed it.
>
> rob
>
>
>>
>> 2013/2/8 Rob Crittenden <rcritten at redhat.com <mailto:rcritten at redhat.com
>> >>
>>
>>
>>     James James wrote:
>>
>>         Now on the replica server I've got this error :
>>         Run connection check to master
>>         Connection check OK
>>         Configuring ntpd
>>             [1/4]: stopping ntpd
>>             [2/4]: writing configuration
>>             [3/4]: configuring ntpd to start on boot
>>             [4/4]: starting ntpd
>>         done configuring ntpd.
>>         Configuring directory server: Estimated time 1 minute
>>             [1/30]: creating directory server user
>>             [2/30]: creating directory server instance
>>             [3/30]: adding default schema
>>             [4/30]: enabling memberof plugin
>>             [5/30]: enabling referential integrity plugin
>>             [6/30]: enabling winsync plugin
>>             [7/30]: configuring replication version plugin
>>             [8/30]: enabling IPA enrollment plugin
>>             [9/30]: enabling ldapi
>>             [10/30]: configuring uniqueness plugin
>>             [11/30]: configuring uuid plugin
>>             [12/30]: configuring modrdn plugin
>>             [13/30]: enabling entryUSN plugin
>>             [14/30]: configuring lockout plugin
>>             [15/30]: creating indices
>>             [16/30]: configuring ssl for ds instance
>>         creation of replica failed: Could not find a CA cert in
>>         /tmp/tmp21VpT8ipa/realm_info/_**_dscert.p12
>>
>>
>>         Your system may be partly configured.
>>         Run /usr/sbin/ipa-server-install --uninstall to clean up.
>>
>>
>>         Where I have to put the CA certficate ?
>>
>>
>>     It needs to be in the PKCS#12 file.
>>
>>     rob
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130209/d63a3a47/attachment.htm>

More information about the Freeipa-users mailing list