I'm trying to do an ipa-server-install with an --external-ca but after it generates the .csr and I sign a .crt I can't run the followup ips-server-install to import the certificate.
I don't think I'm supposed to run an --uninstall between the --external-ca and the --external_cert_file installations but I'm not sure. Here is what I'm getting: [root@ipa0 ~]# ipa-server-install --setup-dns --forwarder="10.0.0.53 10.0.1.53" -U -p xxxxxxxx -a xxxxxxxx -u dirsrv -r MYREALM.COM --external-ca The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will set up the FreeIPA Server. This includes: * Configure the Network Time Daemon (ntpd) * Create and configure an instance of Directory Server * Create and configure a Kerberos Key Distribution Center (KDC) * Configure Apache (httpd) * Configure DNS (bind) To accept the default shown in brackets, press the Enter key. Warning: Hostname (ipa0.averesys.com) not found in DNS The domain name has been calculated based on the host name. The IPA Master Server will be configured with Hostname: ipa0.myrealm.com IP address: 10.0.0.11 Domain name: myrealm.com Configuring ntpd [1/4]: stopping ntpd [2/4]: writing configuration [3/4]: configuring ntpd to start on boot [4/4]: starting ntpd done configuring ntpd. Configuring directory server for the CA: Estimated time 30 seconds [1/3]: creating directory server user [2/3]: creating directory server instance [3/3]: restarting directory server done configuring pkids. Configuring certificate server: Estimated time 6 minutes [1/4]: creating certificate server user [2/4]: creating pki-ca instance [3/4]: restarting certificate server [4/4]: configuring certificate server instance The next step is to get /root/ipa.csr signed by your CA and re-run ipa-server-install as: ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate ... Signed the Certificate ... [root@ipa0 ~]# ipa-server-install --external_cert_file=/root/ipa.crt --external_ca_file=/root/ca.crt The log file for this installation can be found in /var/log/ipaserver-install.log IPA server is already configured on this system. [root@ipa0 ~]# cat /var/log/ipaserver-install.log 2011-01-24 11:36:14,214 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2011-01-24 11:36:14,309 DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' 2011-01-24 11:36:14,336 DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel