Hi, Sorry for the lack of details! You are indeed correct about the version its 4.1 The command I am using is this: ipa-replica-prepare ipa-r1.myobscureddomain.com --http-cert-file /home/fedora/newcert.pk12 --dirsrv-cert-file /home/fedora/newcert.pk12 --ip-address 172.31.16.31 -v
Regards, D 2015-04-09 16:16 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>: > David Dejaeghere wrote: > > Hi, > > > > Does somebody have any pointers for me regarding this issue? > > It would help very much if you'd include the version you're working > with. Based on line numbers I'll assume IPA 4.1. > > It's hard to say since you don't include the command-line you're using, > or what those files consist of. > > It looks like it is blowing up trying to verify that the whole > certificate chain is available. NSS unfortunately doesn't always provide > the best error messages so it's hard to say why this particular cert > can't be loaded. > > rob > > > > > Regards, > > > > D > > > > 2015-04-07 13:34 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com > > <mailto:david.dejaegh...@gmail.com>>: > > > > Hello, > > > > I am trying to setup a replica for my master which has been setup > > with an external CA to use our godaddy wildcard certificate. > > The ipa-replica-prepare is failing with the following debug > information. > > I am using --http-cert and --dirsrv-cert with my pk12 server > > certificate. > > What can I verify to get an idea of what is going wrong? > > > > ipa: DEBUG: stderr= > > ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: > > File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line > > 169, in execute > > self.ask_for_options() > > File > > > "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py", > > line 276, in ask_for_options > > options.http_cert_name) > > File > > > "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py", > > line 176, in load_pkcs12 > > host_name=self.replica_fqdn) > > File > > > "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line > > 785, in load_pkcs12 > > nss_cert = x509.load_certificate(cert, x509.DER) > > File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 128, > > in load_certificate > > return nss.Certificate(buffer(data)) > > > > ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The > > ipa-replica-prepare command failed, exception: NSPRError: > > (SEC_ERROR_LIBRARY_FAILURE) security library failure. > > ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR: > > (SEC_ERROR_LIBRARY_FAILURE) security library failure. > > > > Regards, > > > > D > > > > > > > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project