Folks,

I have a FreeIPA server running on CentOS7 and now I am trying to create a
replica copy using RockyLinux 9.3. When I try to join, the error is related
to an expired cert. I have checked everywhere and didn't find any expired
certificates.

/usr/sbin/ipa-client-install -p admin -w XXXX --realm=FOO.COM --domain=foo.com \
    --server=ldap-1.foo.com --hostname ldap-2.foo.com -N --no-ssh --no-sshd \
    --request-cert -U --force-join

...
...

Joining realm failed: Unable to initialize STARTTLS session
    Connect error: error:0A000086:SSL routines::certificate verify failed (certificate has expired)
Failed to bind to server!
Retrying with pre-4.0 keytab retrieval method...
Unable to initialize STARTTLS session
    Connect error: error:0A000086:SSL routines::certificate verify failed (certificate has expired)
Failed to bind to server!
Failed to get keytab
child exited with 9

Installation failed. Rolling back changes.
Disabling client Kerberos and LDAP configurations
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.


On the master ldap node I did "/usr/bin/getcert list" and all certs are up to
date. Not sure where this expired cert error is coming from.
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org