On 08/01/2011 03:19 PM, Rob Crittenden wrote:
Ade Lee from the dogtag team looked at our installer and found that we
restarted the pki-cad process too many times. Re-arranging some code
allows us to restart it just once. The new config time for dogtag is 3
1/2 minutes, down from about 5 1/2.
Ade is working on improvements in pki-silent as well which can bring
the overall install time to 90 seconds. If we can get a change in
SELinux policy we're looking at 60 seconds.
This patch just contains the reworked installer part. Once an updated
dogtag is released we can update the spec file to pull it in.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Something is wrong. When I installed this patch, the browser works fine
in a clean mode (never before initiailzied). Howevr, if the browser
already has a certificate from the server, in the past I was able to go
into Edit->preferences->advanced->Certificates, and remove both the
server and the CA certificate, and then restart the browser. That does
not work now. I just get the message
Secure Connection Failed
An error occurred during a connection to
server15.ayoung.boston.devel.redhat.com.
You have received an invalid certificate. Please contact the server
administrator or email correspondent and give them the following
information:
Your certificate contains the same serial number as another certificate
issued by the certificate authority. Please get a new certificate
containing a unique serial number.
(Error code: sec_error_reused_issuer_and_serial)
The page you are trying to view can not be shown because the
authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem.
Alternatively, use the command found in the help menu to report this
broken site.
Restarting IPA made no difference. The browser does not provide a lot
of info in which to debug this.
I'll try again with out the patch and see if there is a difference.
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel