[Freeipa-users] ipa-replica-prepare failing

Rob Crittenden rcritten at redhat.com
Thu Apr 9 14:16:37 UTC 2015 

David Dejaeghere wrote:
> Hi,
> 
> Does somebody have any pointers for me regarding this issue?

It would help very much if you'd include the version you're working
with. Based on line numbers I'll assume IPA 4.1.

It's hard to say since you don't include the command-line you're using,
or what those files consist of.

It looks like it is blowing up trying to verify that the whole
certificate chain is available. NSS unfortunately doesn't always provide
the best error messages so it's hard to say why this particular cert
can't be loaded.

rob

> 
> Regards,
> 
> D
> 
> 2015-04-07 13:34 GMT+02:00 David Dejaeghere <david.dejaeghere at gmail.com
> <mailto:david.dejaeghere at gmail.com>>:
> 
>     Hello,
> 
>     I am trying to setup a replica for my master which has been setup
>     with an external CA to use our godaddy wildcard certificate.
>     The ipa-replica-prepare is failing with the following debug information.
>     I am using --http-cert  and --dirsrv-cert with my pk12 server
>     certificate.
>     What can I verify to get an idea of what is going wrong?
> 
>     ipa: DEBUG: stderr=
>     ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG:  
>     File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line
>     169, in execute
>         self.ask_for_options()
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py",
>     line 276, in ask_for_options
>         options.http_cert_name)
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py",
>     line 176, in load_pkcs12
>         host_name=self.replica_fqdn)
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line
>     785, in load_pkcs12
>         nss_cert = x509.load_certificate(cert, x509.DER)
>       File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 128,
>     in load_certificate
>         return nss.Certificate(buffer(data))
> 
>     ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The
>     ipa-replica-prepare command failed, exception: NSPRError:
>     (SEC_ERROR_LIBRARY_FAILURE) security library failure.
>     ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR:
>     (SEC_ERROR_LIBRARY_FAILURE) security library failure.
> 
>     Regards,
> 
>     D
> 
> 
> 
>

More information about the Freeipa-users mailing list