[Freeipa-users] restored replica ssl issue

Les Stott Less at imagine-sw.com
Mon Nov 10 07:34:57 UTC 2014


Hi all,

I have a standard freeipa environment under rhel6.

One of my replica servers, let's call it "serverB", had issues and I eventually rebuilt it.

I rebuilt and restored data, but something wasn't right. Replication wasn't working. I had tried to re-initialize replication but it didn't help.

The last thing I did was to ....

On serverB
ipa-server-install --uninstall
getcert list
# remove the cert from being tracked (as per info shown after completion of ipa-server-install --uninstall)
getcert stop-tracking -i 20131216070540
rm /var/lib/ipa/replica-info-serverB.mydomain.com.gpg

On server (the master)
ipa host-del serverB.mydomain.com.gpg
ipa-replica-manage del serverB.mydomain.com.gpg --force
cd /var/lib/ipa
rm replica-info-serverB.mydomain.com.gpg

This all appeared fine, and seemingly removes serverB completely. So, I then set it back up as a replica in the normal way, and this worked well. Replication is working and all looks good except for the FreeIPA Web interface.

When I try to browse to https://serverB.mydomain.com/ipa/ui/ I get "unknown Error" in a popup box.

In the apache error log I see....
[Mon Nov 10 02:08:37 2014] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate

I am not sure what "Peer" references - serverB locally?

My gut feel is that perhaps there were leftover remnants (possibly in ipa httpd config) from after the uninstall and the reinstall didn't overwrite them.

Can anyone shed any light on the error above?

Thanks in advance,

Les