Re: [Freeipa-users] ipa-replica-prepare failing

Mon, 20 Apr 2015 05:21:30 -0700 

Hi,

Let me know how I can assist.
In the meantime could I setup a replica using a different certificate? Self
signed or anything like that?

Regards,

D

2015-04-17 15:27 GMT+02:00 Jan Cholasta <jchol...@redhat.com>:

> Hi,
>
> I don't have any new information. I'm trying to reproduce the problem but
> had no luck so far.
>
> Honza
>
> Dne 17.4.2015 v 15:23 David Dejaeghere napsal(a):
>
>> Hi,
>>
>> Any more things I can try out? How do we proceed?
>>
>> Kind Regards,
>>
>> D
>>
>> 2015-04-15 11:48 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com
>> <mailto:david.dejaegh...@gmail.com>>:
>>
>>     Hi Honza,
>>
>>     That gave me the exact same output.  Any ideas?
>>
>>     Regards,
>>
>>     D
>>
>>     2015-04-15 7:33 GMT+02:00 Jan Cholasta <jchol...@redhat.com
>>     <mailto:jchol...@redhat.com>>:
>>
>>         Hi,
>>
>>         Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a):
>>
>>             David Dejaeghere wrote:
>>
>>                 Hi Rob,
>>
>>                 So you want to output of the command using pk12 with
>>                 server cert and
>>                 key? or with the ca chain in there too?
>>
>>
>>             Oddly enough it is failing in exactly the same place. Those
>>             GoDaddy CA
>>             certs are still being loaded from somewhere, I'm not sure
>>             where, and I
>>             suspect that is the source of the problem.
>>
>>
>>         They are in the default CA certificate bundle (in the
>>         ca-certificate package). I guess NSS loads it automatically.
>>
>>
>>             I'm going to forward the log to a colleague who has worked
>>             on this code
>>             more recently than I have. Maybe he will have an idea.
>>
>>
>>         Could you try if the following works?
>>
>>              # mv /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
>>         /root/ca-bundle.trust.crt
>>
>>              # update-ca-trust
>>
>>              # ipa-replica-prepare ...
>>
>>              # mv /root/ca-bundle.trust.crt
>>         /usr/share/pki/ca-trust-__source/ca-bundle.trust.crt
>>
>>              # update-ca-trust
>>
>>
>>             rob
>>
>>
>>         Honza
>>
>>         --
>>         Jan Cholasta
>>
>>
>>
>>
>
> --
> Jan Cholasta
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to