On 29.5.2013 07:42, John Moyer wrote:
Yeah, I replaced both certs; however, in my troubleshooting I've found more, I'll 
say, symptoms or potential problems, which may stem from this or be independent 
from it.

1. Showing this error message on restarting the service:
     EXAMPLE-COM...[29/May/2013:05:30:58 +0000] - SSL alert: 
CERT_VerifyCertificateNow: verify certificate failed for cert MyIPA of family 
cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8172 - Peer's 
certificate issuer has been marked as not trusted by the user.)

2. This is on an AWS machine, and when I rebooted the internal IP of the 
machine changed.  I'm not sure if there are values in the Directory Server that 
would have that internal IP in there which would cause a problem.  The external 
IP and DNS have stayed the same and I've tried to have all install values match 
the external IP or external name for this exact reason.

3. The named service will no longer start. Here are the errors being written to 
/var/log/messages:
May 29 05:31:01 ip-10-1-3-5 named[5592]: sizing zone task pool based on 6 zones
May 29 05:31:01 ip-10-1-3-5 named[5592]: /etc/named.conf:12: no forwarders seen; disabling forwarding
May 29 05:31:01 ip-10-1-3-5 named[5592]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
May 29 05:31:19 ip-10-1-3-5 named[5592]: Failed to init credentials (Cannot contact any KDC for realm 'EXAMPLE.COM')
May 29 05:31:19 ip-10-1-3-5 named[5592]: loading configuration: failure
May 29 05:31:19 ip-10-1-3-5 named[5592]: exiting (due to fatal error)

Any help in a right direction or theory to a right direction would be much 

Problems 2 and 3 might be caused by an incorrect IP address in /etc/hosts and in IPA DNS. Please correct the content of /etc/hosts, start IPA, and then correct the IP addresses in IPA DNS.

Petr^2 Spacek
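The order Petr gives matters: while IPA (and therefore its DNS) is down, the server's own FQDN can only resolve through /etc/hosts, and named needs to reach the KDC on that name before it will load (the "Cannot contact any KDC" line above). A stale /etc/hosts entry left over from the previous instance address therefore blocks the whole startup. The following shell snippet is an added example, not part of the thread or of FreeIPA: it reads an /etc/hosts-style file, reports whether the FQDN still maps to an old address, and prints the corrective `ipa dnsrecord-mod` call to run once IPA is up again. The hostname ipa.example.com and the old address 10.1.2.9 are constructed; 10.1.3.5 is the interface address implied by the ip-10-1-3-5 hostname in the log. The intended address is passed explicitly rather than detected, because on AWS the interface address and the public address differ and the thread does not settle which one the entry should carry.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeIPA): detect a stale
# /etc/hosts mapping for the IPA server's FQDN and print the follow-up fix.
#
# Usage: check_hosts_ip FQDN INTENDED_IP [HOSTS_FILE]
# Exit status: 0 = entry matches, 1 = entry stale, 2 = FQDN not present.

# Print the IPv4 address HOSTS_FILE maps to NAME, matching NAME as a whole
# field (canonical name or alias) and ignoring comments. Empty if absent.
hosts_ip_for() {
    name=$1
    hosts_file=${2:-/etc/hosts}
    sed 's/#.*//' "$hosts_file" | awk -v name="$name" '
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if ($i == name) { print $1; exit }
        }'
}

# Compare the /etc/hosts mapping for FQDN against INTENDED_IP and, when they
# differ, print the corrected hosts line and the IPA DNS record update.
check_hosts_ip() {
    fqdn=$1
    intended_ip=$2
    hosts_file=${3:-/etc/hosts}
    short=${fqdn%%.*}     # "ipa"  from "ipa.example.com"
    zone=${fqdn#*.}       # "example.com" from "ipa.example.com"

    mapped=$(hosts_ip_for "$fqdn" "$hosts_file")
    if [ -z "$mapped" ]; then
        echo "MISSING: $fqdn has no entry in $hosts_file"
        return 2
    fi
    if [ "$mapped" = "$intended_ip" ]; then
        echo "OK: $fqdn -> $mapped in $hosts_file"
        return 0
    fi
    echo "STALE: $fqdn -> $mapped in $hosts_file, but the server should be $intended_ip"
    echo "1. replace the entry with:  $intended_ip $fqdn $short"
    echo "2. start IPA (ipactl start), then update the A record:"
    echo "   ipa dnsrecord-mod $zone $short --a-rec=$intended_ip"
    return 1
}

# Stand-alone use: ./check_hosts_ip.sh ipa.example.com 10.1.3.5 [/etc/hosts]
if [ "$#" -ge 2 ]; then
    check_hosts_ip "$@"
fi
```

If a reverse zone is delegated to IPA, the matching PTR record needs the same treatment; the snippet only prints the forward-record command because that is the record the log line above depends on.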

