Re: [Freeipa-devel] [PATCH] 843 reduce dogtag install time

Mon, 01 Aug 2011 19:23:39 -0700 

On 08/01/2011 03:19 PM, Rob Crittenden wrote:
Ade Lee from the dogtag team looked at our installer and found that we restarted the pki-cad process too many times. Re-arranging some code allows us to restart it just once. The new config time for dogtag is 3 1/2 minutes, down from about 5 1/2. 


Ade is working on improvements in pki-silent as well which can bring 
the overall install time to 90 seconds. If we can get a change in 
SELinux policy we're looking at 60 seconds.



This patch just contains the reworked installer part. Once an updated 
dogtag is released we can update the spec file to pull it in.


rob


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel




Something is wrong.  When I installed this patch, the browser works fine 
in a clean mode (never before initiailzied).  Howevr, if the browser 
already has a certificate from the server, in the past I was able to go 
into  Edit->preferences->advanced->Certificates, and remove both the 
server and the CA certificate, and then restart the browser.  That does 
not work now.  I just get the message


Secure Connection Failed

        An error occurred during a connection to 
server15.ayoung.boston.devel.redhat.com.



You have received an invalid certificate.  Please contact the server 
administrator or email correspondent and give them the following 
information:



Your certificate contains the same serial number as another certificate 
issued by the certificate authority.  Please get a new certificate 
containing a unique serial number.


(Error code: sec_error_reused_issuer_and_serial)


  The page you are trying to view can not be shown because the 
authenticity of the received data could not be verified.
  Please contact the web site owners to inform them of this problem. 
Alternatively, use the command found in the help menu to report this 
broken site.




Restarting IPA made no difference.  The browser does not provide a lot 
of info in which to debug this.



I'll try again with out the patch and see if there is a difference.


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel





















					Reply via email to