[Freeipa-users] ipa-replica-prepare failing
David Dejaeghere
david.dejaeghere at gmail.com
Fri Apr 17 13:23:51 UTC 2015
Hi,
Any more things I can try out? How do we proceed?
Kind Regards,
D
2015-04-15 11:48 GMT+02:00 David Dejaeghere <david.dejaeghere at gmail.com>:
> Hi Honza,
>
> That gave me the exact same output. Any ideas?
>
> Regards,
>
> D
>
> 2015-04-15 7:33 GMT+02:00 Jan Cholasta <jcholast at redhat.com>:
>
>> Hi,
>>
>> Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):
>>
>>> David Dejaeghere wrote:
>>>
>>>> Hi Rob,
>>>>
>>>> So you want to output of the command using pk12 with server cert and
>>>> key? or with the ca chain in there too?
>>>>
>>>>
>>> Oddly enough it is failing in exactly the same place. Those GoDaddy CA
>>> certs are still being loaded from somewhere, I'm not sure where, and I
>>> suspect that is the source of the problem.
>>>
>>
>> They are in the default CA certificate bundle (in the ca-certificate
>> package). I guess NSS loads it automatically.
>>
>>
>>> I'm going to forward the log to a colleague who has worked on this code
>>> more recently than I have. Maybe he will have an idea.
>>>
>>
>> Could you try if the following works?
>>
>> # mv /usr/share/pki/ca-trust-source/ca-bundle.trust.crt
>> /root/ca-bundle.trust.crt
>>
>> # update-ca-trust
>>
>> # ipa-replica-prepare ...
>>
>> # mv /root/ca-bundle.trust.crt /usr/share/pki/ca-trust-
>> source/ca-bundle.trust.crt
>>
>> # update-ca-trust
>>
>>
>>> rob
>>>
>>>
>> Honza
>>
>> --
>> Jan Cholasta
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150417/c301ebdd/attachment.htm>
More information about the Freeipa-users
mailing list