On 29.5.2013 07:42, John Moyer wrote:
Yeah, I replaced both certs; however, in my troubleshooting I've found more,
I'll say, symptoms or potential problems, which may stem from this or be
independent from it.
1. Showing this error message on restarting the service:
EXAMPLE-COM...[29/May/2013:05:30:58 +0000] - SSL alert:
CERT_VerifyCertificateNow: verify certificate failed for cert MyIPA of family
cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8172 - Peer's
certificate issuer has been marked as not trusted by the user.)
2. This is on an AWS machine, and when I rebooted the internal IP of the
machine changed. I'm not sure if there are values in the Directory Server that
would have that internal IP in there which would cause a problem. The external
IP and DNS have stayed the same and I've tried to have all install values match
the external IP or external name for this exact reason.
3. The named service will no longer start. Here are the errors getting put in
/var/log/messages:
May 29 05:31:01 ip-10-1-3-5 named[5592]: sizing zone task pool based on 6 zones
May 29 05:31:01 ip-10-1-3-5 named[5592]: /etc/named.conf:12: no forwarders seen; disabling forwarding
May 29 05:31:01 ip-10-1-3-5 named[5592]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
May 29 05:31:19 ip-10-1-3-5 named[5592]: Failed to init credentials (Cannot contact any KDC for realm 'EXAMPLE.COM')
May 29 05:31:19 ip-10-1-3-5 named[5592]: loading configuration: failure
May 29 05:31:19 ip-10-1-3-5 named[5592]: exiting (due to fatal error)
Any help in a right direction or theory to a right direction would be much
appreciated!

Problems 2 and 3 might be caused by an incorrect IP address in /etc/hosts and
IPA DNS. Please correct the content of /etc/hosts, start IPA and then correct
the IP addresses in IPA DNS.
--
Petr^2 Spacek
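
Added example (not part of the original thread): a shell check for the stale /etc/hosts entry that the reply above points to. The host name ipa.example.com, the new address 10.1.3.77 and the sample file contents are constructed assumptions.

```sh
#!/bin/sh
# Added example: detect a stale /etc/hosts entry after a private-IP change.
# ipa.example.com and 10.1.3.77 are assumed values, not taken from the thread.

# Write a constructed hosts file that still carries the pre-reboot address.
write_sample_hosts() {  # $1 = output path
    cat > "$1" <<'EOF'
127.0.0.1   localhost localhost.localdomain
# entry written at install time
10.1.3.5    ipa.example.com ipa   # old private address
EOF
}

# Print every address that the hosts-format file $1 maps to host name $2.
hosts_addrs_for() {
    awk -v name="$2" '
        { sub(/#.*/, "") }          # strip comments
        NF < 2 { next }             # skip blank or address-only lines
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; break } }
    ' "$1"
}

# Print "ok", "stale <addr>" or "missing" for host $2 with current address $3.
check_hosts_entry() {  # $1 = hosts file
    addrs=$(hosts_addrs_for "$1" "$2")
    if [ -z "$addrs" ]; then echo "missing"; return 0; fi
    for a in $addrs; do
        if [ "$a" != "$3" ]; then echo "stale $a"; return 0; fi
    done
    echo "ok"
}

# Demo on the constructed file. On a real server, pass /etc/hosts, the output
# of `hostname -f`, and the address currently bound to the interface.
demo=$(mktemp)
write_sample_hosts "$demo"
check_hosts_entry "$demo" ipa.example.com 10.1.3.77   # prints: stale 10.1.3.5
rm -f "$demo"
```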