Hi all,

I have a standard freeipa environment under rhel6.

One of my replica servers, lets call it "serverB" had issues and I eventually 
rebuilt it.

I rebuilt and restored data, but something wasn't right. Replication wasn't 
working. I had tried to re-initialize replication but it didn't help.

The last thing I did was to ....

On serverB
ipa-server-install --uninstall
getcert list
# remove the cert from being tracked (as per info shown after completion of 
ipa-server-install --uninstall
getcert stop-tracking -i 20131216070540
rm /var/lib/ipa/replica-info-serverB.mydomain.com.gpg

On server (the master)
ipa host-del serverB.mydomain.com.gpg
ipa-replica-manage del serverB.mydomain.com.gpg --force
cd /var/lib/ipa
rm replica-info- serverB.mydomain.com.gpg

This all appeared fine, and seemingly removes serverB completely. So, I then 
set it back up as a replica in the normal way ,and this worked well. 
Replication is working and all looks good except for the FreeIPA Web interface.

When I try to browse to https://serverB.mydomain.com/ipa/ui/ I get "unknown 
Error" in a popup box.

In the apache error log I see....
[Mon Nov 10 02:08:37 2014] [error] SSL Library Error: -12195 Peer does not 
recognize and trust the CA that issued your certificate

I am not sure what "Peer" references - serverB locally?

My gut feel is that perhaps there were leftover remnants (possibly in ipa httpd 
config) from after the uninstall and the reinstall didn't overwrite them..

Can anyone shed any light on the error above?

Thanks in advance,

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to