[Freeipa-users] sec_error_reused_issuer_and_serial
Les Stott
Less at imagine-sw.com
Wed Sep 23 02:54:29 UTC 2015
> -----Original Message-----
> From: Fraser Tweedale [mailto:ftweedal at redhat.com]
> Sent: Wednesday, 23 September 2015 10:59 AM
> To: Les Stott
> Cc: Winfried de Heiden; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] sec_error_reused_issuer_and_serial
>
> On Tue, Sep 22, 2015 at 09:52:38PM +0000, Les Stott wrote:
> > The only way to get around it, because you are using the same domain
> > name, is to use different browsers to visit each site.
> > Firefox for sitea, chrome for siteb.
> >
> It is not the only way; you can flush your browser cache / offline data for the
> site and cause the browswer to forget about the issuer.
> Certainly with Firefox this is possible (I don't use Chromium).
>
This never worked for me. Or if it did, it made siteb accessible, but then sitea had the ssl error and vice versa.
> Or you can use separate Firefox profiles (again I am unsure if Chromium has
> this feature) for the separate installations.
>
> Or for installations / experimentation, you can specify a different
> "Organization" component of the root issuer DN when installing FreeIPA. I
> include a "timestamp" when installing test servers:
>
> ipa-server-install --subject 'O=IPA.LOCAL 201508311610'
Never knew about that option. It would make sense if something like that was the default I think....
Thanks for the info.
Regards,
Les
>
> Hope that helps!
> Fraser
>
> > It's got to do with the fact that the Parent certificate name (generated
> automatically during install) is the same on both and because the domain
> matches then firefox throws the ssl warning.
> >
> > I have the same thing in my environments for production and dr where the
> domain name is the same in both.
> >
> > Regards,
> >
> > Les
> >
> > From: freeipa-users-bounces at redhat.com
> > [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Winfried de
> > Heiden
> > Sent: Tuesday, 22 September 2015 10:27 PM
> > To: freeipa-users at redhat.com
> > Subject: [Freeipa-users] sec_error_reused_issuer_and_serial
> >
> > Hi all,
> >
> > Playing around with freeipa on Fedora 22 after installing I cannot access the
> UI. Firefox will tell "sec_error_reused_issuer_and_serial".
> >
> > I allready have an Freeipa (Fedora 21 based) and somewhere there seems
> to be a conflict in the certificates. After using a different domain name all
> goes well.
> >
> > I want to test and try a few things on a test Freeipa server using the same
> domain name. Deleting all certicates in Firefox or even trying a new and clean
> profile did not help. How can I avoid this conflict?
> >
> > Winfried
> >
>
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list