[Freeipa-users] ipa-replica-prepare failing
David Dejaeghere
david.dejaeghere at gmail.com
Wed Apr 15 09:48:23 UTC 2015
Hi Honza,
That gave me the exact same output. Any ideas?
Regards,
D
2015-04-15 7:33 GMT+02:00 Jan Cholasta <jcholast at redhat.com>:
> Hi,
>
> Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):
>
>> David Dejaeghere wrote:
>>
>>> Hi Rob,
>>>
>>> So you want to output of the command using pk12 with server cert and
>>> key? or with the ca chain in there too?
>>>
>>>
>> Oddly enough it is failing in exactly the same place. Those GoDaddy CA
>> certs are still being loaded from somewhere, I'm not sure where, and I
>> suspect that is the source of the problem.
>>
>
> They are in the default CA certificate bundle (in the ca-certificate
> package). I guess NSS loads it automatically.
>
>
>> I'm going to forward the log to a colleague who has worked on this code
>> more recently than I have. Maybe he will have an idea.
>>
>
> Could you try if the following works?
>
> # mv /usr/share/pki/ca-trust-source/ca-bundle.trust.crt
> /root/ca-bundle.trust.crt
>
> # update-ca-trust
>
> # ipa-replica-prepare ...
>
> # mv /root/ca-bundle.trust.crt /usr/share/pki/ca-trust-
> source/ca-bundle.trust.crt
>
> # update-ca-trust
>
>
>> rob
>>
>>
> Honza
>
> --
> Jan Cholasta
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150415/d07cbbfc/attachment.htm>
More information about the Freeipa-users
mailing list