[Freeipa-users] ipa-replica-prepare failing
Jan Cholasta
jcholast at redhat.com
Thu Apr 23 05:40:27 UTC 2015
Hi,
yes, you can definitely use a different certificate in the meantime,
although it can't be self-signed.
Honza
Dne 20.4.2015 v 14:17 David Dejaeghere napsal(a):
> Hi,
>
> Let me know how I can assist.
> In the meantime could I setup a replica using a different certificate?
> Self signed or anything like that?
>
> Regards,
>
> D
>
> 2015-04-17 15:27 GMT+02:00 Jan Cholasta <jcholast at redhat.com
> <mailto:jcholast at redhat.com>>:
>
> Hi,
>
> I don't have any new information. I'm trying to reproduce the
> problem but had no luck so far.
>
> Honza
>
> Dne 17.4.2015 v 15:23 David Dejaeghere napsal(a):
>
> Hi,
>
> Any more things I can try out? How do we proceed?
>
> Kind Regards,
>
> D
>
> 2015-04-15 11:48 GMT+02:00 David Dejaeghere
> <david.dejaeghere at gmail.com <mailto:david.dejaeghere at gmail.com>
> <mailto:david.dejaeghere at gmail.com
> <mailto:david.dejaeghere at gmail.com>>>:
>
> Hi Honza,
>
> That gave me the exact same output. Any ideas?
>
> Regards,
>
> D
>
> 2015-04-15 7:33 GMT+02:00 Jan Cholasta <jcholast at redhat.com
> <mailto:jcholast at redhat.com>
> <mailto:jcholast at redhat.com <mailto:jcholast at redhat.com>>>:
>
> Hi,
>
> Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):
>
> David Dejaeghere wrote:
>
> Hi Rob,
>
> So you want to output of the command using pk12
> with
> server cert and
> key? or with the ca chain in there too?
>
>
> Oddly enough it is failing in exactly the same
> place. Those
> GoDaddy CA
> certs are still being loaded from somewhere, I'm
> not sure
> where, and I
> suspect that is the source of the problem.
>
>
> They are in the default CA certificate bundle (in the
> ca-certificate package). I guess NSS loads it
> automatically.
>
>
> I'm going to forward the log to a colleague who has
> worked
> on this code
> more recently than I have. Maybe he will have an idea.
>
>
> Could you try if the following works?
>
> # mv
> /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
> /root/ca-bundle.trust.crt
>
> # update-ca-trust
>
> # ipa-replica-prepare ...
>
> # mv /root/ca-bundle.trust.crt
> /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
>
> # update-ca-trust
>
>
> rob
>
>
> Honza
>
> --
> Jan Cholasta
>
>
>
>
>
> --
> Jan Cholasta
>
>
--
Jan Cholasta
More information about the Freeipa-users
mailing list