I have a standard freeipa environment under rhel6.
One of my replica servers, lets call it "serverB" had issues and I eventually
I rebuilt and restored data, but something wasn't right. Replication wasn't
working. I had tried to re-initialize replication but it didn't help.
The last thing I did was to ....
# remove the cert from being tracked (as per info shown after completion of
getcert stop-tracking -i 20131216070540
On server (the master)
ipa host-del serverB.mydomain.com.gpg
ipa-replica-manage del serverB.mydomain.com.gpg --force
rm replica-info- serverB.mydomain.com.gpg
This all appeared fine, and seemingly removes serverB completely. So, I then
set it back up as a replica in the normal way ,and this worked well.
Replication is working and all looks good except for the FreeIPA Web interface.
When I try to browse to https://serverB.mydomain.com/ipa/ui/ I get "unknown
Error" in a popup box.
In the apache error log I see....
[Mon Nov 10 02:08:37 2014] [error] SSL Library Error: -12195 Peer does not
recognize and trust the CA that issued your certificate
I am not sure what "Peer" references - serverB locally?
My gut feel is that perhaps there were leftover remnants (possibly in ipa httpd
config) from after the uninstall and the reinstall didn't overwrite them..
Can anyone shed any light on the error above?
Thanks in advance,
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project