Maybe I am stupid or tired (or both ..) but I have tried many thing to
include the ca cert, the ipa key and pem file in a single pkcs12 file but I
am still stucked.
Can you give me a more detailled help ?
2013/2/8 Rob Crittenden <rcrit...@redhat.com>
> James James wrote:
>> OK .. but I have to put the pkc12 file in /etc/pki/nssdb ?
> No. The PKCS#12 file that contains your server private key and cert needs
> to also contain the CA that signed it.
>> 2013/2/8 Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com
>> James James wrote:
>> Now on the replica server I've got this error :
>> Run connection check to master
>> Connection check OK
>> Configuring ntpd
>> [1/4]: stopping ntpd
>> [2/4]: writing configuration
>> [3/4]: configuring ntpd to start on boot
>> [4/4]: starting ntpd
>> done configuring ntpd.
>> Configuring directory server: Estimated time 1 minute
>> [1/30]: creating directory server user
>> [2/30]: creating directory server instance
>> [3/30]: adding default schema
>> [4/30]: enabling memberof plugin
>> [5/30]: enabling referential integrity plugin
>> [6/30]: enabling winsync plugin
>> [7/30]: configuring replication version plugin
>> [8/30]: enabling IPA enrollment plugin
>> [9/30]: enabling ldapi
>> [10/30]: configuring uniqueness plugin
>> [11/30]: configuring uuid plugin
>> [12/30]: configuring modrdn plugin
>> [13/30]: enabling entryUSN plugin
>> [14/30]: configuring lockout plugin
>> [15/30]: creating indices
>> [16/30]: configuring ssl for ds instance
>> creation of replica failed: Could not find a CA cert in
>> Your system may be partly configured.
>> Run /usr/sbin/ipa-server-install --uninstall to clean up.
>> Where I have to put the CA certficate ?
>> It needs to be in the PKCS#12 file.
Freeipa-users mailing list