Am Freitag, 3. Januar 2020, 17:58:00 CET schrieb Rob Crittenden via FreeIPA-
users:
> Günther J. Niederwimmer via FreeIPA-users wrote:
>
> > Am Freitag, 3. Januar 2020, 17:23:46 CET schrieb Rob Crittenden via
> > FreeIPA-
users:
> >
> >> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>
> >>
> >>
> >>> Am Freitag, 3. Januar 2020, 16:27:38 CET schrieb Rob Crittenden via
> >>> FreeIPA-
> >
> > users:
> >
> >>>
> >>>
> >>>> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>> Hallo,
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> Am Donnerstag, 2. Januar 2020, 21:37:31 CET schrieb Rob Crittenden via
> >>>>>
> >>>>> FreeIPA-users:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> Am Donnerstag, 2. Januar 2020, 19:46:47 CET schrieb Rob Crittenden
> >>>>>>> via
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> FreeIPA-users:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>> Günther J. Niederwimmer via FreeIPA-users wrote:
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>> Hello,
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> this is a new installed Server CentOS 7.7
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> but it is not possible to configure this for IPA replica
> >>>>>>>>> I have this Error
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> ipapython.admintool: ERROR [0:0:6]+[128:32:0] not in asn1Spec:
> >>>>>>>>>
> >>>>>>>>> GeneralName(componentType=NamedTypes(NamedType('rfc822Name',
> >>>>>>>>> IA5String(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
> >>>>>>>>> tagId=1)))),
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> NamedType('dNSName', IA5String(tagSet=TagSet((), Tag(tagClass=128,
> >>>>>>>>>
> >>>>>>>>> tagFormat=0, tagId=2)))), NamedType('directoryName',
> >>>>>>>>> Name(componentType=NamedTypes(NamedType('', RDNSequence())),
> >>>>>>>>> tagSet=TagSet((),
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> Tag(tagClass=128, tagFormat=0, tagId=4)))),
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>> NamedType('uniformResourceIdentifier', IA5String(tagSet=TagSet((),
> >>>>>>>>>
> >>>>>>>>> Tag(tagClass=128, tagFormat=0, tagId=6)))), NamedType('iPAddress',
> >>>>>>>>>
> >>>>>>>>> OctetString(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
> >>>>>>>>> tagId=7)))),
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> NamedType('registeredID', ObjectIdentifier('<no value>'))))
> >>>>>>>>> ipapython.admintool: ERROR The ipa-replica-install command
> >>>>>>>>> failed.
> >>>>>>>>> See
> >>>>>>>>> /
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> var/log/ipareplica-install.log for more information
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> I install before ipa-client-install, this is working but
> >>>>>>>>> afterward
> >>>>>>>>> for
> >>>>>>>>> the
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>> replica i Have this Problem?
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> firewall Ports are open.
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> More context from the log would help.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> I send it to you Rob
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>> And can you confirm what version of python-pyasn1 is installed,
> >>>>>>>> and
> >>>>>>>> that
> >>>>>>>> you don't have a pip-version installed.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> this version is installed
> >>>>>>> Paket python2-pyasn1-0.1.9-7.el7.noarch
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> normal installation
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> It is blowing up trying to fetch the subject-alt names out of the
> >>>>>> Apache
> >>>>>> cert on the original master (ipa.xxx.xxx). You didn't happen to
> >>>>>> replace
> >>>>>> the Apache cert on ipa.xxx.xxx did you?
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> NO, this is a "normal" Installation without changing anything ?
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> I make no experiments with certificates?
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> the only thing I remember
> >>>>> I have set in host
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> xxx.xxx.xxx.xxx ipa.example.com
> >>>>> 2000:yy:yy:yy:yy ipa.example.com
> >>>>> xxx.xxx.xxx.xxx ipa.example.com.lan
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> Can you provide the PEM for that cert?
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> On ipa.xxx.xxx:
> >>>>>> # certutil -L -d /etc/httpd/alias -n Server-Cert -a
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> I have a normal certificate
> >>>>> -----BEGIN CERTIFICATE-----
> >>>>> ................................
> >>>>> ................
> >>>>> .........
> >>>>> -----END CERTIFICATE-----
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> It could be useful for us to see the contents of the cert to see if we
> >>>> can duplicate the failure.
> >>>
> >>>
> >>>
> >>>
> >>> OK is on the way ;)
> >>>
> >>>
> >>
> >>
> >>
> >>
> >> Can you provide the output of:
> >>
> >>
> >>
> >> python -c 'from urllib3.contrib import pyopenssl'
> >
> >
> > there is NO output on master or replica
> >
> > Thanks for the Help.
> >
>
>
> So that's the problem.
>
> See if you have python[2]-ndg[-_]httpsclient installed.
>
> I don't believe that RHEL ships this package, maybe it is available in
> CentOS. You could try removing the package and trying the install again.
Yes I found a package from epel ??
python-ndg_httpsclient.noarch 0.3.2-1.el7
@epel
why this installed I cant say I install only fail2ban from epel ?
NEW information by erase this package, it is from the certbot installation ?
now I test the installation again!
thanks for the Help for the Moment ;-)
--
mit freundlichen Grüßen / best regards
Günther J. Niederwimmer
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
