Hello, I am trying to setup a replica for my master which has been setup with an external CA to use our godaddy wildcard certificate. The ipa-replica-prepare is failing with the following debug information. I am using --http-cert and --dirsrv-cert with my pk12 server certificate. What can I verify to get an idea of what is going wrong?
ipa: DEBUG: stderr= ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 169, in execute self.ask_for_options() File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py", line 276, in ask_for_options options.http_cert_name) File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py", line 176, in load_pkcs12 host_name=self.replica_fqdn) File "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 785, in load_pkcs12 nss_cert = x509.load_certificate(cert, x509.DER) File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 128, in load_certificate return nss.Certificate(buffer(data)) ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The ipa-replica-prepare command failed, exception: NSPRError: (SEC_ERROR_LIBRARY_FAILURE) security library failure. ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: (SEC_ERROR_LIBRARY_FAILURE) security library failure. Regards, D
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project