Am Freitag, 3. Januar 2020, 17:23:46 CET schrieb Rob Crittenden via FreeIPA-
users:
> Günther J. Niederwimmer via FreeIPA-users wrote:
>
> > Am Freitag, 3. Januar 2020, 16:27:38 CET schrieb Rob Crittenden via
> > FreeIPA-
users:
> >
> >> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>
> >>
> >>
> >>> Hallo,
> >>>
> >>>
> >>>
> >>> Am Donnerstag, 2. Januar 2020, 21:37:31 CET schrieb Rob Crittenden via
> >>> FreeIPA-users:
> >>>
> >>>
> >>>
> >>>> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>> Am Donnerstag, 2. Januar 2020, 19:46:47 CET schrieb Rob Crittenden via
> >>>>>
> >>>>> FreeIPA-users:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> Hello,
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> this is a new installed Server CentOS 7.7
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> but it is not possible to configure this for IPA replica
> >>>>>>> I have this Error
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> ipapython.admintool: ERROR [0:0:6]+[128:32:0] not in asn1Spec:
> >>>>>>> GeneralName(componentType=NamedTypes(NamedType('rfc822Name',
> >>>>>>> IA5String(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
> >>>>>>> tagId=1)))),
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> NamedType('dNSName', IA5String(tagSet=TagSet((), Tag(tagClass=128,
> >>>>>>> tagFormat=0, tagId=2)))), NamedType('directoryName',
> >>>>>>> Name(componentType=NamedTypes(NamedType('', RDNSequence())),
> >>>>>>> tagSet=TagSet((),
> >>>>>
> >>>>>
> >>>>>
> >>>>> Tag(tagClass=128, tagFormat=0, tagId=4)))),
> >>>>>
> >>>>>
> >>>>>
> >>>>>>> NamedType('uniformResourceIdentifier', IA5String(tagSet=TagSet((),
> >>>>>>> Tag(tagClass=128, tagFormat=0, tagId=6)))), NamedType('iPAddress',
> >>>>>>> OctetString(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
> >>>>>>> tagId=7)))),
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> NamedType('registeredID', ObjectIdentifier('<no value>'))))
> >>>>>>> ipapython.admintool: ERROR The ipa-replica-install command
> >>>>>>> failed.
> >>>>>>> See
> >>>>>>> /
> >>>>>
> >>>>>
> >>>>>
> >>>>> var/log/ipareplica-install.log for more information
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> I install before ipa-client-install, this is working but afterward
> >>>>>>> for
> >>>>>>> the
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>> replica i Have this Problem?
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> firewall Ports are open.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> More context from the log would help.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> I send it to you Rob
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> And can you confirm what version of python-pyasn1 is installed, and
> >>>>>> that
> >>>>>> you don't have a pip-version installed.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> this version is installed
> >>>>> Paket python2-pyasn1-0.1.9-7.el7.noarch
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> normal installation
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> It is blowing up trying to fetch the subject-alt names out of the
> >>>> Apache
> >>>> cert on the original master (ipa.xxx.xxx). You didn't happen to
> >>>> replace
> >>>> the Apache cert on ipa.xxx.xxx did you?
> >>>
> >>>
> >>>
> >>>
> >>> NO, this is a "normal" Installation without changing anything ?
> >>>
> >>>
> >>>
> >>> I make no experiments with certificates?
> >>>
> >>>
> >>>
> >>> the only thing I remember
> >>> I have set in host
> >>>
> >>>
> >>>
> >>> xxx.xxx.xxx.xxx ipa.example.com
> >>> 2000:yy:yy:yy:yy ipa.example.com
> >>> xxx.xxx.xxx.xxx ipa.example.com.lan
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>> Can you provide the PEM for that cert?
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>> On ipa.xxx.xxx:
> >>>> # certutil -L -d /etc/httpd/alias -n Server-Cert -a
> >>>
> >>>
> >>>
> >>>
> >>> I have a normal certificate
> >>> -----BEGIN CERTIFICATE-----
> >>> ................................
> >>> ................
> >>> .........
> >>> -----END CERTIFICATE-----
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >>
> >> It could be useful for us to see the contents of the cert to see if we
> >> can duplicate the failure.
> >
> >
> > OK is on the way ;)
> >
>
>
> Can you provide the output of:
>
> python -c 'from urllib3.contrib import pyopenssl'
there is NO output on master or replica
Thanks for the Help.
--
mit freundlichen Grüßen / best regards
Günther J. Niederwimmer
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
