Steven Jones wrote:


[root@fed14-64-ipam001 jonesst1]# ipa-replica-prepare
fed14-64-ipam002.ipa.ac.nz
Directory Manager (existing master) password:

Preparing replica for fed14-64-ipam002.ipa.ac.nz from
fed14-64-ipam001.ipa.ac.nz
Creating SSL certificate for the Directory Server
ipa: INFO: sslget
'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient'
Creating SSL certificate for the Web Server
ipa: INFO: sslget
'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient'
preparation of replica failed: cannot connect to
'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': 
[Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key 
necessary for authentication.
cannot connect to
'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': 
[Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key 
necessary for authentication.
   File "/usr/sbin/ipa-replica-prepare", line 431, in<module>
     main()

   File "/usr/sbin/ipa-replica-prepare", line 363, in main
     export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "httpcert",
replica_fqdn, subject_base)

   File "/usr/sbin/ipa-replica-prepare", line 136, in export_certdb
     raise e


If I go to the URL I get,

================

The Certificate System has encountered an unrecoverable error.

Error Message:
java.lang.NullPointerException

Please contact your local administrator for assistance.
================

???

regards

Can you provide the output of:

# certutil -L -d /etc/httpd/alias

During installation dogtag provides us with an RA agent certificate that we use to communicate with the CA. This certificate should be stored in /etc/httpd/alias.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to