On Wed, 12 Jan 2011 12:03:59 -0600 "[email protected]" <[email protected]> wrote:
> Ok, so the ipa-server-certinstall script seems to be where things did > not work as I perhaps expected them to. > > I manually put the certificates in the dirsrv cert db, and the web > interface cert db. The ipa-replica-manage uses replication.py, which > is declaring > > CACERT="/usr/share/ipa/html/ca.crt" > > It looks like this is where the error is being caused. The > certification there is still the original "IPA Test Certificate > Authority". If I point it to the DigiCertCA.crt (which should work), > OR the AD-ca.crt file, I get the same error as originally mentioned > when running 'ipa-replica-manage list'. If I comment out the CACERT > variable it does as expected: unexpected error: global name 'CACERT' > is not defined > > So, can someone give me some advice about where else it may be > reading the certificate from, or how I can do things "the proper way" > for IPA? /etc/ipa/ca.crt is another place where the cert can be found. but for winsync you can pass the cacert on the command line, have you tried that ? Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
