[Freeipa-users] ipa-replica-prepare failing
Jan Cholasta
jcholast at redhat.com
Fri Apr 17 13:27:06 UTC 2015
Hi,
I don't have any new information. I'm trying to reproduce the problem
but had no luck so far.
Honza
Dne 17.4.2015 v 15:23 David Dejaeghere napsal(a):
> Hi,
>
> Any more things I can try out? How do we proceed?
>
> Kind Regards,
>
> D
>
> 2015-04-15 11:48 GMT+02:00 David Dejaeghere <david.dejaeghere at gmail.com
> <mailto:david.dejaeghere at gmail.com>>:
>
> Hi Honza,
>
> That gave me the exact same output. Any ideas?
>
> Regards,
>
> D
>
> 2015-04-15 7:33 GMT+02:00 Jan Cholasta <jcholast at redhat.com
> <mailto:jcholast at redhat.com>>:
>
> Hi,
>
> Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):
>
> David Dejaeghere wrote:
>
> Hi Rob,
>
> So you want to output of the command using pk12 with
> server cert and
> key? or with the ca chain in there too?
>
>
> Oddly enough it is failing in exactly the same place. Those
> GoDaddy CA
> certs are still being loaded from somewhere, I'm not sure
> where, and I
> suspect that is the source of the problem.
>
>
> They are in the default CA certificate bundle (in the
> ca-certificate package). I guess NSS loads it automatically.
>
>
> I'm going to forward the log to a colleague who has worked
> on this code
> more recently than I have. Maybe he will have an idea.
>
>
> Could you try if the following works?
>
> # mv /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
> /root/ca-bundle.trust.crt
>
> # update-ca-trust
>
> # ipa-replica-prepare ...
>
> # mv /root/ca-bundle.trust.crt
> /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
>
> # update-ca-trust
>
>
> rob
>
>
> Honza
>
> --
> Jan Cholasta
>
>
>
--
Jan Cholasta
More information about the Freeipa-users
mailing list