[Freeipa-users] ipa-replica-prepare error: Profile caIPAserviceCert Not Found
Fraser Tweedale
ftweedal at redhat.com
Tue Dec 22 01:46:54 UTC 2015
On Mon, Dec 21, 2015 at 01:57:02PM +0100, Karl Forner wrote:
> Hello,
>
> Running:
> ipa-replica-prepare ipa-h3s1.example.com --ip-address xx.xx.xx.xx -d -v
> fails
> with
> ipa: DEBUG: Protocol: TLS1.2
> ipa: DEBUG: Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
> ipa: DEBUG: request status 200
> ipa: DEBUG: request reason_phrase u'OK'
> ipa: DEBUG: request headers {'date': 'Mon, 21 Dec 2015 12:50:59 GMT',
> 'content-length': '148', 'content-type': 'application/xml', 'server':
> 'Apache-Coyote/1.1'}
> ipa: DEBUG: request body '<?xml version="1.0" encoding="UTF-8"
> standalone="no"?><XMLResponse><Status>1</Status><Error>Profile
> caIPAserviceCert Not Found</Error></XMLResponse>'
> ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 171, in
> execute
>
> The context is probably unusual:
> I run the command on a replica with CA from a server in freeipa v4.1.4 (in
> a adelton/freeipa-server docker)
> which is a freeipa v4.2.3 running in
> adelton/freeipa-server:lastest-systemd docker
>
> I found this ticket which looks similar:
> https://fedorahosted.org/freeipa/ticket/5376
>
> Is there something wrong with my replica knowing that it has been
> replicated from a 4.1.4 ?
> Is there a work-around ?
>
> Thanks
> Karl
Hi Karl,
I have a patch for Dogtag that I think will fix this issue. Would
you be willing to test it? If so, which version of Fedora/RHEL are
you using and I will prepare a build.
Regards,
Fraser
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list