[Freeipa-users] ipa-replica-prepare failing
Jan Cholasta
jcholast at redhat.com
Wed Apr 15 05:33:29 UTC 2015
Hi,
Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):
> David Dejaeghere wrote:
>> Hi Rob,
>>
>> So you want to output of the command using pk12 with server cert and
>> key? or with the ca chain in there too?
>>
>
> Oddly enough it is failing in exactly the same place. Those GoDaddy CA
> certs are still being loaded from somewhere, I'm not sure where, and I
> suspect that is the source of the problem.
They are in the default CA certificate bundle (in the ca-certificate
package). I guess NSS loads it automatically.
>
> I'm going to forward the log to a colleague who has worked on this code
> more recently than I have. Maybe he will have an idea.
Could you try if the following works?
# mv /usr/share/pki/ca-trust-source/ca-bundle.trust.crt
/root/ca-bundle.trust.crt
# update-ca-trust
# ipa-replica-prepare ...
# mv /root/ca-bundle.trust.crt
/usr/share/pki/ca-trust-source/ca-bundle.trust.crt
# update-ca-trust
>
> rob
>
Honza
--
Jan Cholasta
More information about the Freeipa-users
mailing list