[Freeipa-users] How to remove the CA cert from an IDM replica

Todd Maugh tmaugh at boingo.com
Wed Mar 12 21:29:38 UTC 2014 

Im seeing this error:

where is the install log located

[root at idm-rep02-w1c-aws ipa]# ipa-replica-install --setup-ca /var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg --skip-conncheck
Directory Manager (existing master) password: 

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
A CA is already configured on this system.
[root at idm-rep02-w1c-aws ipa]# ipa-replica-install  /var/lib/ipa/replica-info-idm-rep02-w1c-aws.ops.boingo.com.gpg --skip-conncheck
Directory Manager (existing master) password: 

Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  [2/4]: writing configuration
  [3/4]: configuring ntpd to start on boot
  [4/4]: starting ntpd
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/31]: creating directory server user
  [2/31]: creating directory server instance
  [3/31]: adding default schema
  [4/31]: enabling memberof plugin
  [5/31]: enabling winsync plugin
  [6/31]: configuring replication version plugin
  [7/31]: enabling IPA enrollment plugin
  [8/31]: enabling ldapi
  [9/31]: disabling betxn plugins
  [10/31]: configuring uniqueness plugin
  [11/31]: configuring uuid plugin
  [12/31]: configuring modrdn plugin
  [13/31]: enabling entryUSN plugin
  [14/31]: configuring lockout plugin
  [15/31]: creating indices
  [16/31]: enabling referential integrity plugin
  [17/31]: configuring ssl for ds instance
  [18/31]: configuring certmap.conf
  [19/31]: configure autobind for root
  [20/31]: configure new location for managed entries
  [21/31]: restarting directory server
  [22/31]: setting up initial replication
Starting replication, please wait until this has completed.
[idm-master-els.ops.boingo.com] reports: Update failed! Status: [-1  - LDAP error: Can't contact LDAP server]

Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.


________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Simo Sorce [simo at redhat.com]
Sent: Wednesday, March 12, 2014 2:23 PM
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] How to remove the CA cert from an IDM replica

On Wed, 2014-03-12 at 21:10 +0000, Todd Maugh wrote:
> I need to remove the CA certs on a box from a previous IDM install
>
> what is the command to do this
>
> error im getting is
>
> A CA is already configured on this system.

rm /etc/ipa/ca.crt

Simo.

--
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list