[Freeipa-users] ca install fails upgrading to 4.2.0
Martin Kosek
mkosek at redhat.com
Tue Feb 2 11:20:24 UTC 2016
On 02/02/2016 11:51 AM, Robert van Veelen wrote:
> Unfortunately not. I saw that thread and grabbed the patch and updated spec
> to give it a try. Same issue.
> cheers,
Ah, pity. Let me CC Endi in this thread then. I suspect he will be interested
in the same log files as in the referred thread.
> On Tue, 2 Feb 2016 at 08:46 Martin Kosek <mkosek at redhat.com> wrote:
>
>> On 02/02/2016 02:18 AM, Robert van Veelen wrote:
>>> Hi,
>>> I'm trying to create an ipa replica from
>>> ipa-server-3.0.0-47/pki-ca-9.0.3-45 to
>> ipa-server-4.2.0-15/pki-ca-10.2.5-6
>>> and cannot get the install to complete. The CS is configured as a sub to
>> an
>>> external CA. I keep getting the same error when running the
>>> replica-install. Digging into pki-ca's debug log, I find the following
>>> errors:
>>>
>>> java.lang.Exception: SystemCertsVerification: system certs verification
>>> failure
>>> &
>>> CertUtils: verifySystemCertByNickname() failed: caSigningCert
>> cert-pki-ca
>>>
>>> I've tried regenerating the source cacert.p12, upgrading pki-ca to
>> latest,
>>> etc. It just seems like the new replica is unable to verify the certs
>> while
>>> running selftests. any good tips for a next step to work out whats going
>> on?
>>>
>>> Thanks,
>>>
>>> -rob
>>
>> Can this be the same problem as answered by Endi here:
>> https://www.redhat.com/archives/freeipa-users/2016-January/msg00564.html
>> ?
>>
>>
>
More information about the Freeipa-users
mailing list