Next stage of my testing was to make a replica of the FreeIPA server, and I started by doing a 'yum install ipa-server' and then moved on to adding the host to the ipaservers group. This fails every time however, with the error:
ipa: ERROR: cannot connect to 'https://ipa.astro.princeton.edu/ipa/json': (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, unsupported format. Searches on this seem to turn up things like expired certificates, or "reboot httpd" (I went ahead and rebooted the whole ipa server), but nothing concrete. Suggestions? Everything (server and soon-to-be replica) running RHEL7.3 with all updates. -- Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci Princeton University | ICBM Address: 40.346344 -74.652242 345 Lewis Library |"On my ship, the Rocinante, wheeling through Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, (267) 793-0852 | headlong into mystery." -Rush, 'Cygnus X-1' -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
