On 08/03/2011 03:28 AM, Kashyap Chamarthy wrote:
On 08/03/2011 12:32 PM, Petr Vobornik wrote:
On Mon, 2011-08-01 at 23:03 -0400, Adam Young wrote:
On 08/01/2011 10:26 PM, Adam Young wrote:
On 08/01/2011 03:19 PM, Rob Crittenden wrote:
Ade Lee from the dogtag team looked at our installer and found
that we restarted the pki-cad process too many times. Re-arranging
some code allows us to restart it just once. The new config time
for dogtag is 3 1/2 minutes, down from about 5 1/2.

Ade is working on improvements in pki-silent as well which can
bring the overall install time to 90 seconds. If we can get a
change in SELinux policy we're looking at 60 seconds.

This patch just contains the reworked installer part. Once an
updated dogtag is released we can update the spec file to pull it
in.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Disregard:  same thing seems to be happening without this patch.


Something is wrong.  When I installed this patch, the browser works
fine in a clean mode (never before initialized).  However, if the
browser already has a certificate from the server, in the past I was
able to go into Edit->preferences->advanced->Certificates, and
remove both the server and the CA certificate, and then restart the
browser.  That does not work now.  I just get the message

Secure Connection Failed
         An error occurred during a connection to
server15.ayoung.boston.devel.redhat.com.

You have received an invalid certificate.  Please contact the server
administrator or email correspondent and give them the following
information:

Your certificate contains the same serial number as another
certificate issued by the certificate authority.  Please get a new
certificate containing a unique serial number.

(Error code: sec_error_reused_issuer_and_serial)

   The page you are trying to view can not be shown because the
authenticity of the received data could not be verified.
   Please contact the web site owners to inform them of this problem.
Alternatively, use the command found in the help menu to report this
broken site.


Restarting IPA made no difference.  The browser does not provide a
lot of info in which to debug this.


I'll try again without the patch and see if there is a difference.


In Firefox 5 I also have to clear browser cache along with removing
certificates to get rid of 'sec_error_reused_issuer_and_serial'.


Also, while testing multiple instances of dogtag, IMO, it's better to have a clean FF profile (or ensure to have the security domain name be unique for each CA).

Delete the old profile and create a new profile.
---
# firefox -ProfileManager
---


Or invoke it with a certain new profile.
---
# firefox -P foobar
---
Yep, I do that too.

I'm going to say that while this is good for certain QA tasks, developers cannot and should not expect that end users blow away their profiles. We need to make sure the use cases of normal users are the best tested, and that means figuring out how to clean up a warped profile. If you always start from clean, you avoid this pain. So, best to mix it up, by reusing an existing profile by default.




Petr

