[Freeipa-users] ipa-replica-prepare failing

David Dejaeghere david.dejaeghere at gmail.com
Thu Apr 9 14:21:21 UTC 2015 

Hi,

Sorry for the lack of details!
You are indeed  correct about the version its 4.1
The command I am using is this:
ipa-replica-prepare ipa-r1.myobscureddomain.com --http-cert-file
/home/fedora/newcert.pk12 --dirsrv-cert-file /home/fedora/newcert.pk12
--ip-address 172.31.16.31 -v

Regards,

D

2015-04-09 16:16 GMT+02:00 Rob Crittenden <rcritten at redhat.com>:

> David Dejaeghere wrote:
> > Hi,
> >
> > Does somebody have any pointers for me regarding this issue?
>
> It would help very much if you'd include the version you're working
> with. Based on line numbers I'll assume IPA 4.1.
>
> It's hard to say since you don't include the command-line you're using,
> or what those files consist of.
>
> It looks like it is blowing up trying to verify that the whole
> certificate chain is available. NSS unfortunately doesn't always provide
> the best error messages so it's hard to say why this particular cert
> can't be loaded.
>
> rob
>
> >
> > Regards,
> >
> > D
> >
> > 2015-04-07 13:34 GMT+02:00 David Dejaeghere <david.dejaeghere at gmail.com
> > <mailto:david.dejaeghere at gmail.com>>:
> >
> >     Hello,
> >
> >     I am trying to setup a replica for my master which has been setup
> >     with an external CA to use our godaddy wildcard certificate.
> >     The ipa-replica-prepare is failing with the following debug
> information.
> >     I am using --http-cert  and --dirsrv-cert with my pk12 server
> >     certificate.
> >     What can I verify to get an idea of what is going wrong?
> >
> >     ipa: DEBUG: stderr=
> >     ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG:
> >     File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line
> >     169, in execute
> >         self.ask_for_options()
> >       File
> >
>  "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py",
> >     line 276, in ask_for_options
> >         options.http_cert_name)
> >       File
> >
>  "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py",
> >     line 176, in load_pkcs12
> >         host_name=self.replica_fqdn)
> >       File
> >
>  "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line
> >     785, in load_pkcs12
> >         nss_cert = x509.load_certificate(cert, x509.DER)
> >       File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 128,
> >     in load_certificate
> >         return nss.Certificate(buffer(data))
> >
> >     ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The
> >     ipa-replica-prepare command failed, exception: NSPRError:
> >     (SEC_ERROR_LIBRARY_FAILURE) security library failure.
> >     ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR:
> >     (SEC_ERROR_LIBRARY_FAILURE) security library failure.
> >
> >     Regards,
> >
> >     D
> >
> >
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150409/5bed4555/attachment.htm>

More information about the Freeipa-users mailing list