> -----Original Message----- > From: Fraser Tweedale [mailto:ftwee...@redhat.com] > Sent: Wednesday, 23 September 2015 10:59 AM > To: Les Stott > Cc: Winfried de Heiden; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] sec_error_reused_issuer_and_serial > > On Tue, Sep 22, 2015 at 09:52:38PM +0000, Les Stott wrote: > > The only way to get around it, because you are using the same domain > > name, is to use different browsers to visit each site. > > Firefox for sitea, chrome for siteb. > > > It is not the only way; you can flush your browser cache / offline data for > the > site and cause the browswer to forget about the issuer. > Certainly with Firefox this is possible (I don't use Chromium). >
This never worked for me. Or if it did, it made siteb accessible, but then sitea had the ssl error and vice versa. > Or you can use separate Firefox profiles (again I am unsure if Chromium has > this feature) for the separate installations. > > Or for installations / experimentation, you can specify a different > "Organization" component of the root issuer DN when installing FreeIPA. I > include a "timestamp" when installing test servers: > > ipa-server-install --subject 'O=IPA.LOCAL 201508311610' Never knew about that option. It would make sense if something like that was the default I think.... Thanks for the info. Regards, Les > > Hope that helps! > Fraser > > > It's got to do with the fact that the Parent certificate name (generated > automatically during install) is the same on both and because the domain > matches then firefox throws the ssl warning. > > > > I have the same thing in my environments for production and dr where the > domain name is the same in both. > > > > Regards, > > > > Les > > > > From: freeipa-users-boun...@redhat.com > > [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Winfried de > > Heiden > > Sent: Tuesday, 22 September 2015 10:27 PM > > To: freeipa-users@redhat.com > > Subject: [Freeipa-users] sec_error_reused_issuer_and_serial > > > > Hi all, > > > > Playing around with freeipa on Fedora 22 after installing I cannot access > > the > UI. Firefox will tell "sec_error_reused_issuer_and_serial". > > > > I allready have an Freeipa (Fedora 21 based) and somewhere there seems > to be a conflict in the certificates. After using a different domain name all > goes well. > > > > I want to test and try a few things on a test Freeipa server using the same > domain name. Deleting all certicates in Firefox or even trying a new and clean > profile did not help. How can I avoid this conflict? > > > > Winfried > > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project