[Freeipa-users] ipa-replica-prepare failing
Orion Poplawski
orion at cora.nwra.com
Mon Aug 17 21:09:57 UTC 2015
On 08/06/2015 04:10 PM, David Dejaeghere wrote:
> Hello Guys,
>
> I was able to resolve this today.
> My webserver and dirsrv certificate were expired yesterday and trying to
> replace them gave me the same error "ERROR: (SEC_ERROR_LIBRARY_FAILURE)
> security library failure."
> So I tried some things to resolve this.
> The trick was to replace /etc/ipa/ca.crt with the godaddy file "gdig2" which
> only has 1 certificare. This file you can get while downloading your
> certificate from godaddy. Then I had to add the bundle from godaddy, file
> gd_bundle-g2-g1 into my server cert.
> This made both the command ipa-server-certinstall and ipa-replicate-prepare
> finish as expected!
>
> Hope this helps. I saw somebody else with a very similar issue.
>
> Kind Regards,
>
> D
Yeah, the source of this issue appears to be a wrong /etc/ipa/ca.crt created
during ipa-server-install. I was able to work around it with:
ipa-certupdate
Which wrote out a correct /etc/ipa/ca.crt.
See https://fedorahosted.org/freeipa/ticket/5117#comment:16
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the Freeipa-users
mailing list