On Wed, 12 Jan 2011 12:03:59 -0600
"d...@killbrad.com" <d...@killbrad.com> wrote:
> Ok, so the ipa-server-certinstall script seems to be where things did
> not work as I perhaps expected them to.
> I manually put the certificates in the dirsrv cert db, and the web
> interface cert db. The ipa-replica-manage uses replication.py, which
> is declaring
> It looks like this is where the error is being caused. The
> certification there is still the original "IPA Test Certificate
> Authority". If I point it to the DigiCertCA.crt (which should work),
> OR the AD-ca.crt file, I get the same error as originally mentioned
> when running 'ipa-replica-manage list'. If I comment out the CACERT
> variable it does as expected: unexpected error: global name 'CACERT'
> is not defined
> So, can someone give me some advice about where else it may be
> reading the certificate from, or how I can do things "the proper way"
> for IPA?
/etc/ipa/ca.crt is another place where the cert can be found.
but for winsync you can pass the cacert on the command line, have you
tried that ?
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list