Am Freitag, 3. Januar 2020, 16:27:38 CET schrieb Rob Crittenden via FreeIPA-
users:
> Günther J. Niederwimmer via FreeIPA-users wrote:
>
> > Hallo,
> >
> > Am Donnerstag, 2. Januar 2020, 21:37:31 CET schrieb Rob Crittenden via
> > FreeIPA-users:
> >
> >> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>
> >>
> >>
> >>> Am Donnerstag, 2. Januar 2020, 19:46:47 CET schrieb Rob Crittenden via
> >>> FreeIPA-users:
> >>>
> >>>
> >>>
> >>>> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>> Hello,
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> this is a new installed Server CentOS 7.7
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> but it is not possible to configure this for IPA replica
> >>>>> I have this Error
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> ipapython.admintool: ERROR [0:0:6]+[128:32:0] not in asn1Spec:
> >>>>> GeneralName(componentType=NamedTypes(NamedType('rfc822Name',
> >>>>> IA5String(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
> >>>>> tagId=1)))),
> >>>>>
> >>>>>
> >>>>>
> >>>>> NamedType('dNSName', IA5String(tagSet=TagSet((), Tag(tagClass=128,
> >>>>> tagFormat=0, tagId=2)))), NamedType('directoryName',
> >>>>> Name(componentType=NamedTypes(NamedType('', RDNSequence())),
> >>>>> tagSet=TagSet((),
> >>>
> >>>
> >>> Tag(tagClass=128, tagFormat=0, tagId=4)))),
> >>>
> >>>
> >>>>> NamedType('uniformResourceIdentifier', IA5String(tagSet=TagSet((),
> >>>>> Tag(tagClass=128, tagFormat=0, tagId=6)))), NamedType('iPAddress',
> >>>>> OctetString(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
> >>>>> tagId=7)))),
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> NamedType('registeredID', ObjectIdentifier('<no value>'))))
> >>>>> ipapython.admintool: ERROR The ipa-replica-install command failed.
> >>>>> See
> >>>>> /
> >>>
> >>>
> >>> var/log/ipareplica-install.log for more information
> >>>
> >>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> I install before ipa-client-install, this is working but afterward
> >>>>> for
> >>>>> the
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>> replica i Have this Problem?
> >>>
> >>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> firewall Ports are open.
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> More context from the log would help.
> >>>
> >>>
> >>>
> >>> I send it to you Rob
> >>>
> >>>
> >>>
> >>>
> >>>> And can you confirm what version of python-pyasn1 is installed, and
> >>>> that
> >>>> you don't have a pip-version installed.
> >>>
> >>>
> >>>
> >>> this version is installed
> >>> Paket python2-pyasn1-0.1.9-7.el7.noarch
> >>>
> >>>
> >>>
> >>> normal installation
> >>
> >>
> >>
> >>
> >> It is blowing up trying to fetch the subject-alt names out of the Apache
> >> cert on the original master (ipa.xxx.xxx). You didn't happen to replace
> >> the Apache cert on ipa.xxx.xxx did you?
> >
> >
> > NO, this is a "normal" Installation without changing anything ?
> >
> > I make no experiments with certificates?
> >
> > the only thing I remember
> > I have set in host
> >
> > xxx.xxx.xxx.xxx ipa.example.com
> > 2000:yy:yy:yy:yy ipa.example.com
> > xxx.xxx.xxx.xxx ipa.example.com.lan
> >
> >
> >
> >
> >> Can you provide the PEM for that cert?
> >>
> >
> >
> >> On ipa.xxx.xxx:
> >> # certutil -L -d /etc/httpd/alias -n Server-Cert -a
> >
> >
> > I have a normal certificate
> > -----BEGIN CERTIFICATE-----
> > ................................
> > ................
> > .........
> > -----END CERTIFICATE-----
> >
> >
>
>
> It could be useful for us to see the contents of the cert to see if we
> can duplicate the failure.
OK is on the way ;)
--
mit freundlichen Grüßen / best regards
Günther J. Niederwimmer
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
