I had to set the --dirsrv_pkcs12, --dirsrv_pin, --http_pkcs12, --http_pin and the ipa-replica-prepare command runs without failure.
Thanks for your help. 2013/2/8 James James <jre...@gmail.com> > My ipa version is ipa-server-2.2.0-17.el6_3.1.x86_64 and the distro is > Scientific Linux 6.3. I have used ipa-server-certinstall to replace the > default IPA certs. > > > > > 2013/2/8 Rob Crittenden <rcrit...@redhat.com> > >> James James wrote: >> >>> Hi, >>> today I wanted to install a ipa replica. When I used the >>> ipa-replica-prepare command, I've got this error : >>> >>> [root@ipa ~]# ipa-replica-prepare ipa2-example.com < >>> http://ipa2-example.com> >>> >>> Directory Manager (existing master) password: >>> >>> Preparing replica for ipa-EXAMPLE.COM from ipa.EXAMPLE.COM >>> <http://ipa.EXAMPLE.COM> >>> >>> Creating SSL certificate for the Directory Server >>> certutil: could not find certificate named "CN=EXAMPLE.COM >>> <http://EXAMPLE.COM> Certificate Authority": security library: bad >>> database. >>> >>> certutil: unable to create cert (security library: bad database.) >>> preparation of replica failed: Command '/usr/bin/certutil -d >>> /tmp/tmpoUpN72ipa/realm_info -A -n Server-Cert -t u,u,u -i >>> /var/lib/ipa/ipa-6qKbha/**tmpcert.der -f >>> /tmp/tmpoUpN72ipa/realm_info/**pwdfile.txt' returned non-zero exit >>> status 255 >>> Command '/usr/bin/certutil -d /tmp/tmpoUpN72ipa/realm_info -A -n >>> Server-Cert -t u,u,u -i /var/lib/ipa/ipa-6qKbha/**tmpcert.der -f >>> /tmp/tmpoUpN72ipa/realm_info/**pwdfile.txt' returned non-zero exit >>> status 255 >>> File "/usr/sbin/ipa-replica-**prepare", line 459, in <module> >>> main() >>> >>> File "/usr/sbin/ipa-replica-**prepare", line 345, in main >>> export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert", >>> replica_fqdn, subject_base) >>> >>> File "/usr/sbin/ipa-replica-**prepare", line 143, in export_certdb >>> raise e >>> >>> >>> I have a certificate generated by a custom certificate authority in the >>> ipa server. >>> >> >> Need more information on your installation. What version of IPA, what >> distro? >> >> Did you use ipa-server-certinstall to replace the default IPA certs? >> >> rob >> >> >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users