<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style id="owaParaStyle" type="text/css"></style>
</head>
<body ocsi="0" fpstyle="1" bgcolor="#FFFFFF">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;"><br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF749533"><font face="Tahoma" size="2" color="#000000"><b>From:</b> freeipa-users-bounces@redhat.com [freeipa-users-bounces@redhat.com] on behalf of Dmitri Pal [dpal@redhat.com]<br>
<b>Sent:</b> Tuesday, December 09, 2014 3:49 PM<br>
<b>To:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> Re: [Freeipa-users] CA Replication Installation Failing<br>
</font><br>
</div>
<div></div>
<div>
<div class="moz-cite-prefix">On 12/08/2014 11:04 PM, Les Stott wrote:<br>
</div>
<blockquote type="cite"><style>
<!--
@font-face
{font-family:Calibri}
@font-face
{font-family:Tahoma}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:windowtext}
span.EmailStyle18
{font-family:"Calibri","sans-serif";
color:#1F497D}
.MsoChpDefault
{font-size:10.0pt}
@page WordSection1
{margin:72.0pt 72.0pt 72.0pt 72.0pt}
-->
BODY {direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;}P {margin-top:0;margin-bottom:0;}BODY {scrollbar-base-color:undefined;scrollbar-highlight-color:undefined;scrollbar-darkshadow-color:undefined;scrollbar-track-color:undefined;scrollbar-arrow-color:undefined}</style>
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Does anyone have any ideas on the below errors when trying to add CA replication to an existing replica?</span></p>
</div>
</blockquote>
<br>
> People who might be able to help are or PTO right now.<br>
> <br>
> Is your installation older than 2 years?<br>
<br>
No, December 2013 was when it was originally built.<br>
<br>
> Did you generate a new replica package or use the original one?<br>
<br>
I used the original replica file for serverb, based on instructions i came across. I can try regenerating the replica file.<br>
<br>
Interestingly, now that you mention it, servera had to be restored a couple of months back. Perhaps this is an issue and regenerating the replica file for serverb will be required.<br>
<br>
I will try this.<br>
<br>
> May be the problem is that the cert that is in that package already expired?<br>
<br>
original replica file was created on Dec 16 2013. Cert is not set to expire until 2015-12-17.<br>
<br>
> Just a thought...<br>
><br>
> The simplest workaround IMO would be to prepare Server C, install it with CA and then decommission replica B.
<br>
> Do not forget to clean replication agreements on master.<br>
><br>
> But that would be work around, would not solve this specific problem, it will kill it.<br>
<br>
I actually do have serverc and serverd. I planned to have CA replication on at least 2 other servers, but held off on trying on serverc due to issues with serverb.<br>
<br>
I'll report back what i find after regenerating the replica file and re-trying to setup CA replication.<br>
<br>
Thanks,<br>
<br>
Les<br>
<br>
<blockquote type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks in advance,</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D">Les</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span></p>
<div style="border:none; border-left:solid blue 1.5pt; padding:0cm
0cm 0cm 4.0pt">
<div>
<div style="border:none; border-top:solid #B5C4DF
1.0pt; padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt; font-family:"Tahoma","sans-serif"" lang="EN-US">From:</span></b><span style="font-size:10.0pt; font-family:"Tahoma","sans-serif"" lang="EN-US">
<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">
freeipa-users-bounces@redhat.com</a> [<a class="moz-txt-link-freetext" href="mailto:freeipa-users-bounces@redhat.com" target="_blank">mailto:freeipa-users-bounces@redhat.com</a>]
<b>On Behalf Of </b>Les Stott<br>
<b>Sent:</b> Tuesday, 2 December 2014 6:17 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com" target="_blank">
freeipa-users@redhat.com</a><br>
<b>Subject:</b> [Freeipa-users] CA Replication Installation Failing</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Hi All,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I have RHEL6 with ipa servers running standard ipa server 3.0.0-42. Pki components are also standard version 9.0.3-38.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Servera is the master</p>
<p class="MsoNormal">Serverb is the replica</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Both have been running for many, many months. Serverb was initially setup as a replica, but not a CA replica.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I am now trying to add CA Replication to serverb but it is failing midway through and I cannot figure out why.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Annoyingly, I used the same method/command to setup a CA replica on test servers and it completed without issue.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Here is what I get….(for the sake of brevity, I am excluding the lines for connection check which were all OK)</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">=================</p>
<p class="MsoNormal">/usr/sbin/ipa-ca-install /var/lib/ipa/replica-info-serverb.mydomain.com.gpg</p>
<p class="MsoNormal">Directory Manager (existing master) password:</p>
<p class="MsoNormal">Get credentials to log in to remote master</p>
<p class="MsoNormal"><a href="mailto:admin@MYDOMAIN.COM" target="_blank">admin@MYDOMAIN.COM</a> password:</p>
<p class="MsoNormal">Execute check on remote master</p>
<p class="MsoNormal">Connection check OK</p>
<p class="MsoNormal">Configuring directory server for the CA (pkids): Estimated time 30 seconds</p>
<p class="MsoNormal"> [1/3]: creating directory server user</p>
<p class="MsoNormal"> [2/3]: creating directory server instance</p>
<p class="MsoNormal"> [3/3]: restarting directory server</p>
<p class="MsoNormal">Done configuring directory server for the CA (pkids).</p>
<p class="MsoNormal">Configuring certificate server (pki-cad): Estimated time 3 minutes 30 seconds</p>
<p class="MsoNormal"> [1/16]: creating certificate server user</p>
<p class="MsoNormal"> [2/16]: creating pki-ca instance</p>
<p class="MsoNormal"> [3/16]: configuring certificate server instance</p>
<p class="MsoNormal">ipa : CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname serverb.mydomain.com -cs_port 9445 -client_certdb_dir /tmp/tmp-t3aHM7 -client_certdb_pwd XXXXXXXX -preop_pin exoyO2y7bawG5yjZMACM
-domain_name IPA -admin_user admin -admin_email root@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=MYDOMAIN.COM -ldap_host serverb.mydomain.com -ldap_port 7389 -bind_dn
cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name CN=CA Subsystem,O=MYDOMAIN.COM
-ca_subsystem_cert_subject_name CN=CA Subsystem,O=MYDOMAIN.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=MYDOMAIN.COM -ca_server_cert_subject_name CN=serverb.mydomain.com,O=MYDOMAIN.COM -ca_audit_signing_cert_subject_name CN=CA Audit,O=MYDOMAIN.COM -ca_sign_cert_subject_name
CN=Certificate Authority,O=MYDOMAIN.COM -external false -clone true -clone_p12_file ca.p12 -clone_p12_password XXXXXXXX -sd_hostname servera.mydomain.com -sd_admin_port 443 -sd_admin_name admin -sd_admin_password XXXXXXXX -clone_start_tls true -clone_uri
<a href="https://servera.mydomain.com:443" target="_blank">https://servera.mydomain.com:443</a>' returned non-zero exit status 255</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Your system may be partly configured.</p>
<p class="MsoNormal">Run /usr/sbin/ipa-server-install --uninstall to clean up.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Configuration of CA failed</p>
<p class="MsoNormal">=================</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Additional excerpt from the log file /var/log/ipareplica-ca-install.log at the point of failure….</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">=================</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">#############################################</p>
<p class="MsoNormal">Attempting to connect to: serverb.mydomain.com:9445</p>
<p class="MsoNormal">Connected.</p>
<p class="MsoNormal">Posting Query = <a href="https://serverb.mydomain.com:9445/ca/admin/console/config/wizard?p=7&op=next&xml=true&__password=XXXXXXXX&path=ca.p12" target="_blank">
https://serverb.mydomain.com:9445//ca/admin/console/config/wizard?p=7&op=next&xml=true&__password=XXXXXXXX&path=ca.p12</a></p>
<p class="MsoNormal">RESPONSE STATUS: HTTP/1.1 200 OK</p>
<p class="MsoNormal">RESPONSE HEADER: Server: Apache-Coyote/1.1</p>
<p class="MsoNormal">RESPONSE HEADER: Content-Type: application/xml;charset=UTF-8</p>
<p class="MsoNormal">RESPONSE HEADER: Date: Tue, 02 Dec 2014 05:44:19 GMT</p>
<p class="MsoNormal">RESPONSE HEADER: Connection: close</p>
<p class="MsoNormal"><?xml version="1.0" encoding="UTF-8"?></p>
<p class="MsoNormal"><!-- BEGIN COPYRIGHT BLOCK</p>
<p class="MsoNormal"> This program is free software; you can redistribute it and/or modify</p>
<p class="MsoNormal"> it under the terms of the GNU General Public License as published by</p>
<p class="MsoNormal"> the Free Software Foundation; version 2 of the License.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> This program is distributed in the hope that it will be useful,</p>
<p class="MsoNormal"> but WITHOUT ANY WARRANTY; without even the implied warranty of</p>
<p class="MsoNormal"> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</p>
<p class="MsoNormal"> GNU General Public License for more details.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> You should have received a copy of the GNU General Public License along</p>
<p class="MsoNormal"> with this program; if not, write to the Free Software Foundation, Inc.,</p>
<p class="MsoNormal"> 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> Copyright (C) 2007 Red Hat, Inc.</p>
<p class="MsoNormal"> All rights reserved.</p>
<p class="MsoNormal"> END COPYRIGHT BLOCK --></p>
<p class="MsoNormal"><response></p>
<p class="MsoNormal"> <panel>admin/console/config/restorekeycertpanel.vm</panel></p>
<p class="MsoNormal"> <res/></p>
<p class="MsoNormal"> <updateStatus>failure</updateStatus></p>
<p class="MsoNormal"> <password/></p>
<p class="MsoNormal"> <errorString>The pkcs12 file is not correct.</errorString></p>
<p class="MsoNormal"> <size>19</size></p>
<p class="MsoNormal"> <title>Import Keys and Certificates</title></p>
<p class="MsoNormal"> <panels></p>
<p class="MsoNormal"> <Vector></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>welcome</Id></p>
<p class="MsoNormal"> <Name>Welcome</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>module</Id></p>
<p class="MsoNormal"> <Name>Key Store</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>confighsmlogin</Id></p>
<p class="MsoNormal"> <Name>ConfigHSMLogin</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>securitydomain</Id></p>
<p class="MsoNormal"> <Name>Security Domain</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>securitydomain</Id></p>
<p class="MsoNormal"> <Name>Display Certificate Chain</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>subsystem</Id></p>
<p class="MsoNormal"> <Name>Subsystem Type</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>clone</Id></p>
<p class="MsoNormal"> <Name>Display Certificate Chain</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>restorekeys</Id></p>
<p class="MsoNormal"> <Name>Import Keys and Certificates</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>cahierarchy</Id></p>
<p class="MsoNormal"> <Name>PKI Hierarchy</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>database</Id></p>
<p class="MsoNormal"> <Name>Internal Database</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>size</Id></p>
<p class="MsoNormal"> <Name>Key Pairs</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>subjectname</Id></p>
<p class="MsoNormal"> <Name>Subject Names</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>certrequest</Id></p>
<p class="MsoNormal"> <Name>Requests and Certificates</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>backupkeys</Id></p>
<p class="MsoNormal"> <Name>Export Keys and Certificates</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>savepk12</Id></p>
<p class="MsoNormal"> <Name>Save Keys and Certificates</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>importcachain</Id></p>
<p class="MsoNormal"> <Name>Import CA's Certificate Chain</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>admin</Id></p>
<p class="MsoNormal"> <Name>Administrator</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>importadmincert</Id></p>
<p class="MsoNormal"> <Name>Import Administrator's Certificate</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> <Panel></p>
<p class="MsoNormal"> <Id>done</Id></p>
<p class="MsoNormal"> <Name>Done</Name></p>
<p class="MsoNormal"> </Panel></p>
<p class="MsoNormal"> </Vector></p>
<p class="MsoNormal"> </panels></p>
<p class="MsoNormal"> <name>CA Setup Wizard</name></p>
<p class="MsoNormal"> <p>7</p></p>
<p class="MsoNormal"> <path/></p>
<p class="MsoNormal"> <req/></p>
<p class="MsoNormal"> <panelname>restorekeys</panelname></p>
<p class="MsoNormal"></response></p>
<p class="MsoNormal">Error in RestoreKeyCertPanel(): updateStatus returns failure</p>
<p class="MsoNormal">ERROR: ConfigureCA: RestoreKeyCertPanel() failure</p>
<p class="MsoNormal">ERROR: unable to create CA</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">#######################################################################</p>
<p class="MsoNormal">2014-12-02T05:44:19Z DEBUG stderr=</p>
<p class="MsoNormal">2014-12-02T05:44:19Z CRITICAL failed to configure ca instance Command '/usr/bin/perl /usr/bin/pkisilent ConfigureCA -cs_hostname serverb.mydomain.com -cs_port 9445 -client_certdb_dir /tmp/tmp-1Tqws5 -client_certdb_pwd XXXXXXXX -preop_pin
rdkE0y2CiGMKNcRRPKKc -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password XXXXXXXX -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject CN=ipa-ca-agent,O=MYDOMAIN.COM -ldap_host serverb.mydomain.com
-ldap_port 7389 -bind_dn cn=Directory Manager -bind_password XXXXXXXX -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd XXXXXXXX -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name
CN=CA Subsystem,O=MYDOMAIN.COM -ca_subsystem_cert_subject_name CN=CA Subsystem,O=MYDOMAIN.COM -ca_ocsp_cert_subject_name CN=OCSP Subsystem,O=MYDOMAIN.COM -ca_server_cert_subject_name CN=serverb.mydomain.com,O=MYDOMAIN.COM -ca_audit_signing_cert_subject_name
CN=CA Audit,O=MYDOMAIN.COM -ca_sign_cert_subject_name CN=Certificate Authority,O=MYDOMAIN.COM -external false -clone true -clone_p12_file ca.p12 -clone_p12_password XXXXXXXX -sd_hostname servera.mydomain.com -sd_admin_port 443 -sd_admin_name admin -sd_admin_password
XXXXXXXX -clone_start_tls true -clone_uri <a href="https://servera.mydomain.com:443" target="_blank">
https://servera.mydomain.com:443</a>' returned non-zero exit status 255</p>
<p class="MsoNormal">2014-12-02T05:44:19Z INFO File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script</p>
<p class="MsoNormal"> return_value = main_function()</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> File "/usr/sbin/ipa-ca-install", line 149, in main</p>
<p class="MsoNormal"> (CA, cs) = cainstance.install_replica_ca(config, postinstall=True)</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 1626, in install_replica_ca</p>
<p class="MsoNormal"> subject_base=config.subject_base)</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 626, in configure_instance</p>
<p class="MsoNormal"> self.start_creation(runtime=210)</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> File "/usr/lib/python2.6/site-packages/ipaserver/install/service.py", line 358, in start_creation</p>
<p class="MsoNormal"> method()</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> File "/usr/lib/python2.6/site-packages/ipaserver/install/cainstance.py", line 888, in __configure_instance</p>
<p class="MsoNormal"> raise RuntimeError('Configuration of CA failed')</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">2014-12-02T05:44:19Z INFO The ipa-ca-install command failed, exception: RuntimeError: Configuration of CA failed</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">=================</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I am not sure why this is happening.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Certutil shows that the setup isn’t complete on serverb when comparing against the CA replica in my test servers which were successful.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"># certutil -L -d /var/lib/pki-ca/alias</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Certificate Nickname Trust Attributes</p>
<p class="MsoNormal"> SSL,S/MIME,JAR/XPI</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Certificate Authority - MYDOMAIN.COM CT,c,</p>
<p class="MsoNormal">Server-Cert cert-pki-ca CTu,Cu,Cu</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"># certutil -K -d /var/lib/pki-ca/alias</p>
<p class="MsoNormal">certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"</p>
<p class="MsoNormal">Enter Password or Pin for "NSS Certificate DB":</p>
<p class="MsoNormal">< 0> rsa ef25de4fb656a27e297899509bc3dad582bcd643 NSS Certificate DB:Server-Cert cert-pki-ca</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">As yet, I have not tried “/usr/sbin/ipa-server-install –uninstall” in an attempt to cleanup as this is a production server and apart from CA replication, it is running fine. I have tried multiple times manually removing pki instances and
reinstalling but it still won’t get past the above error.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Can anyone shed any light on this?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thanks in advance,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Les</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader" target="_blank"></fieldset> <br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</div>
</div>
</div>
</body>
</html>