[Freeipa-users] CA Certificate didn't automatically transfer to replica(s)
Dewangga Bachrul Alam
dewanggaba at xtremenitro.org
Sat Apr 22 08:41:03 UTC 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello!
Just update, manually add external CA(s) and signed certificated was
successful, but why it's didn't automatically transferred to
replica(s) from master.
On 04/22/2017 03:00 PM, Dewangga Bachrul Alam wrote:
> Hello!
>
> I've successfully create replica, everything works fine but why my
> signed CA certificate didn't automatically transfer to another
> replica(s)? Is it normal?
>
> Trying to add manually, but the certificate in replica(s) still
> using self-signed. Here's the output from `ipa-certupdate -v`
> https://paste.fedoraproject.org/paste/U53pyXUa7Z34kLfiKh1QKV5M1UNdIGYh
yR
>
>
LivL9gydE=
>
> Interesting line was :
>
> ipa: DEBUG: stderr= ipa: DEBUG: Starting external process ipa:
> DEBUG: args=/usr/bin/certutil -d /etc/ipa/nssdb -L -n IPA CA -a
> ipa: DEBUG: Process finished, return code=255 ipa: DEBUG: stdout=
> ipa: DEBUG: stderr=certutil: Could not find cert: IPA CA :
> PR_FILE_NOT_FOUND_ERROR: File not found
>
> ipa: DEBUG: Starting external process ipa: DEBUG:
> args=/usr/bin/certutil -d /etc/ipa/nssdb -L -n External CA cert -a
> ipa: DEBUG: Process finished, return code=255 ipa: DEBUG: stdout=
> ipa: DEBUG: stderr=certutil: Could not find cert: External CA cert
> : PR_FILE_NOT_FOUND_ERROR: File not found
>
> FYI: The replica server previously was a client and promoted to be
> a replica by hitting this command: `ipa-replica-install
> --principal admin --admin-password admin_password`
>
> Any hints?
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQI4BAEBCAAiBQJY+xccGxxkZXdhbmdnYWJhQHh0cmVtZW5pdHJvLm9yZwAKCRDl
f9IgoCjNcJAHEACO4nF7guN05MjmqYFDwDrjhvWgMN2sRn+Nxt/aA+xziIOJJGaA
Rr97TbODiTiefBkjVoiYM6dxr6VK5ViPZIbe0IAjafCRACAKggyCRtb2j8+vb7Jd
imJN/MC0zSMCdATSs2b95uT7QrUiVHwt/xmKzJ44ezIYON+YOtgndk0QXynXHqjm
H6HcQkh4ZcC8antiFdbC+H8z4Iv4Ypnhdr80RtqLqQ6esnZXnWdIg3X0aRb6w1fw
KEDHemhfKeu5hMxpi2AQdesO4j+XhvW6TfvKymScbWv1PoEuLAsgQGdoxVmhkjN8
LKixSghHlg8A61DXtA9J2uaPUUKjVMmoKH4CFD0RLQlQJ+f4KfApbNzHZTBnSL8D
64c5WjJdtAY5LUArakwZ/EJt5N5AJEFDIoSWM3if/jpDIVFEAaDzFKIQvyLKyMIn
yHxNIcWcSoP/YwzZXMttWx5dNRkermmWEcvPsqovoT9BRlI/e700o3xqQk7V0720
7TniU1uZaBpLkJOxHUoWssaWfVHcWEBnw0UeU7bl4nKnAo7hkQs3/iJXwQiLk4aw
338ZIniIrDSmUmmfqJuhQrFPNK+heCOno5O/99Sa1bs0lTQgRRjMq5Q7mIajEYYI
NedyVj0VQ8R42rbgomWJPJP/uU+kirN8CpEc+d/IWNQE2t+5hOX5nme5dw==
=anzk
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list