[Freeipa-users] can't register new clients
Rob Crittenden
rcritten at redhat.com
Fri Dec 5 21:03:23 UTC 2014
Rob Crittenden wrote:
> Megan . wrote:
>> Good Day!
>>
>> I am getting an error when i register new clients.
>>
>> libcurl failed to execute the HTTP POST transaction. SSL connect error
>>
>> I can't find anything useful not the internet about the error. Can
>> someone help me troubleshoot?
>>
>> CentOS 6.6 x64
>> ipa-client-3.0.0-42.el6.centos.x86_64
>> ipa-server-3.0.0-42.el6.centos.x86_64
>> curl-7.19.7-40.el6_6.1.x86_64
>
> Do you have NSS_DEFAULT_DB_TYPE set to sql? I don't know that we've done
> any testing on the client with this set.
Never mind, that's not it. The problem is:
* NSS error -8054
Which is SEC_ERROR_REUSED_ISSUER_AND_SERIAL
So I'd do this:
# rm /etc/ipa/ca.crt
You may also want to ensure that the IPA CA certificate isn't in
/etc/pki/nssdb:
# certutil -L -d /etc/pki/nssdb
And then perhaps
# certutil -D -n 'IPA CA' -d /etc/pki/nssdb
rob
More information about the Freeipa-users
mailing list