Steve Huston wrote: > Next stage of my testing was to make a replica of the FreeIPA server, > and I started by doing a 'yum install ipa-server' and then moved on to > adding the host to the ipaservers group. This fails every time > however, with the error: > > ipa: ERROR: cannot connect to > 'https://ipa.astro.princeton.edu/ipa/json': > (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old, > unsupported format. > > Searches on this seem to turn up things like expired certificates, or > "reboot httpd" (I went ahead and rebooted the whole ipa server), but > nothing concrete. Suggestions? Everything (server and soon-to-be > replica) running RHEL7.3 with all updates. >
See the workaround in https://fedorahosted.org/freeipa/ticket/6575#comment:9 rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
