[Freeipa-users] Unable to install replica using replica file

Abhijeet Kasurde akasurde at redhat.com
Wed Jun 15 04:40:23 UTC 2016


Hi All,

I am creating a master-replica setup using the following commands and getting 
an error on the replica server:

2016-06-15T03:53:31Z DEBUG The ipa-replica-install command failed, 
exception: NetworkError: cannot connect to 
'ldaps://dhcp201-141.testrelm.test:636': TLS error -8157:Certificate 
extension not found.

Can anyone explain to me what this error is trying to say?

I am performing the following steps:

$ mkdir /tmp/nssdb
$ vim /tmp/nssdb/password.txt
$ vim /tmp/nssdb/noise.txt
$ certutil -d /tmp/nssdb/ -N -f /tmp/nssdb/password.txt
$ certutil -d /tmp/nssdb -S -n ca -s cn=Test_CA -x -t CTu,Cu,Cu -g 2048 -v 60 -z /tmp/nssdb/noise.txt -2 -f /tmp/nssdb/passwd.txt
$ certutil -d /tmp/nssdb -S -n server -s cn=dhcp201-172.testrelm.test -t ,, -z /tmp/nssdb/noise.txt -c ca -f /tmp/nssdb/passwd.txt
$ /usr/bin/pk12util -o /tmp/nssdb/server.p12 -n server -d /tmp/nssdb -k /tmp/nssdb/passwd.txt -W Secret123
$ ipa-server-install --http-cert-file /tmp/nssdb/server.p12 --dirsrv-cert-file /tmp/nssdb/server.p12 --ip-address 10.65.210.89 -r TESTRELM.TEST -p Secret123 -a Secret123 --setup-dns --forwarder 10.11.5.19 --http-pin Secret123 --dirsrv-pin Secret123 -U
$ certutil -d /tmp/nssdb -S -n ca -s cn=Test_CA -x -t CTu,Cu,Cu -g 2048 -v 60 -z /tmp/nssdb/noise.txt -2 -f /tmp/nssdb/passwd.txt -m 3
$ certutil -d /tmp/nssdb -S -n replica -s cn=dhcp201-141.testrelm.test -t ,, -z /tmp/nssdb/noise.txt -c ca -f /tmp/nssdb/passwd.txt -m 4
$ /usr/bin/pk12util -o /tmp/nssdb/replica.p12 -n replica -d /tmp/nssdb -k /tmp/nssdb/passwd.txt -W Secret123
$ ipa-replica-prepare dhcp201-141.testrelm.test --http_pkcs12 /tmp/nssdb/replica.p12 --http_pin Secret123 --dirsrv_pkcs12 /tmp/nssdb/replica.p12 --dirsrv_pin Secret123 --ip-address 10.65.210.91 --reverse-zone=210.65.10.in-addr.arpa.
$ scp /var/lib/ipa/replica-info-dhcp201-141.testrelm.test.gpg root@dhcp201-141.testrelm.test:/root/

Attaching console.log and replicainstall.log

-- 
Thanks,
Abhijeet Kasurde

IRC: akasurde
http://akasurde.github.io

-------------- next part --------------
A non-text attachment was scrubbed...
Name: console.log
Type: text/x-log
Size: 2932 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160615/08e67b6c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipareplica-install.log
Type: text/x-log
Size: 84311 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160615/08e67b6c/attachment-0001.bin>

