[Freeipa-users] CA Certificate didn't automatically transfer to replica(s)
Dewangga Bachrul Alam
dewanggaba at xtremenitro.org
Sat Apr 22 08:00:16 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello!
I've successfully create replica, everything works fine but why my
signed CA certificate didn't automatically transfer to another
replica(s)? Is it normal?
Trying to add manually, but the certificate in replica(s) still using
self-signed. Here's the output from `ipa-certupdate -v`
https://paste.fedoraproject.org/paste/U53pyXUa7Z34kLfiKh1QKV5M1UNdIGYhyR
LivL9gydE=
Interesting line was :
ipa: DEBUG: stderr=
ipa: DEBUG: Starting external process
ipa: DEBUG: args=/usr/bin/certutil -d /etc/ipa/nssdb -L -n IPA CA -a
ipa: DEBUG: Process finished, return code=255
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=certutil: Could not find cert: IPA CA
: PR_FILE_NOT_FOUND_ERROR: File not found
ipa: DEBUG: Starting external process
ipa: DEBUG: args=/usr/bin/certutil -d /etc/ipa/nssdb -L -n External CA
cert -a
ipa: DEBUG: Process finished, return code=255
ipa: DEBUG: stdout=
ipa: DEBUG: stderr=certutil: Could not find cert: External CA cert
: PR_FILE_NOT_FOUND_ERROR: File not found
FYI:
The replica server previously was a client and promoted to be a
replica by hitting this command: `ipa-replica-install --principal
admin --admin-password admin_password`
Any hints?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQI4BAEBCAAiBQJY+w2NGxxkZXdhbmdnYWJhQHh0cmVtZW5pdHJvLm9yZwAKCRDl
f9IgoCjNcFn2EACjKLkv3XokuWsJwjXSyKV3IP6Gh54Os/bNVkAS5rBb5unRl/BQ
FG1eV5/Mgq0kSBbbC5C1qvXwSjeaJMjul0ssJ+fldL4d0S+S+s/nos7BsyjZZaQV
VP1c4iRrCUeHt//FdTaN9AslsW+2IUlKQ5qFBX+1cN8Kc4Q9yIBmr4e1p94dJCnu
z8Fwe/RZS1e69QOWLdfNYsEhGiwXKVqyWaX139kvpOXOaj41yehC0Zzkli6HxpFu
lypSRHFAPYLt9fWS0pglPk3PQFLlGC5bNYLTFdADeVn1siME6eZl09+cUUFp2o79
bF2/7+g98QExJ9LY6IxUrrvgvc42c9dX7SY2GU1niEIyxcwXbxt8gWoY91YjEIGX
Ibq5vc6FnsQB2rN3L+nO5WvwimH4wEqnFU1YJ+dDh+A80G25JQuLZ4ZBYsuH7rVE
T0TH9KEYD8BR46ca9prhv1WNVt0wDDgfWRLc6afLBdJ2eUrx7uXijauyibevc1mI
X2OfKELlejsrcDb6hyoS3z18cOES9oJmfpsrNdxGi2X59HVp1o67R4QprQ9ZrGld
Eb4njQRXF45O4ZSWT6tGteltf1KVKfoKaxL41S8DPf3wY1JFy/OmtYjNx5fSLcPL
b+TRSimv5q6YWIw5/mqmVlsdife5XnFTGSIBBOkssLx0qnqcpCetuoCnQw==
=jRl3
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list