On Wed, 12 Jan 2011 12:03:59 -0600
"d...@killbrad.com" <d...@killbrad.com> wrote:

> Ok, so the ipa-server-certinstall script seems to be where things did
> not work as I perhaps expected them to.
> I manually put the certificates in the dirsrv cert db, and the web
> interface cert db.  The ipa-replica-manage uses replication.py, which
> is declaring
> CACERT="/usr/share/ipa/html/ca.crt"
> It looks like this is where the error is being caused.  The
> certification there is still the original "IPA Test Certificate
> Authority".  If I point it to the DigiCertCA.crt (which should work),
> OR the AD-ca.crt file, I get the same error as originally mentioned
> when running 'ipa-replica-manage list'. If I comment out the CACERT
> variable it does as expected:  unexpected error: global name 'CACERT'
> is not defined
> So, can someone give me some advice about where else it may be
> reading the certificate from, or how I can do things "the proper way"
> for IPA?

/etc/ipa/ca.crt is another place where the cert can be found.

but for winsync you can pass the cacert on the command line, have you
tried that ?


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to