Megan . wrote: > Sorry for being unclear. It still fails. Same error. Hmm, strange. Try being explicit about sql:
# certutil -L -d sql:/etc/pki/nssdb And if there is a CA cert there, delete it. rob > > On Dec 5, 2014 4:39 PM, "Rob Crittenden" <rcrit...@redhat.com > <mailto:rcrit...@redhat.com>> wrote: > > Megan . wrote: > > Thanks. > > > > I did have an issue last week where i tried to do the client install > > and it failed because of a firewall issue. Networks has it opened > > now. I deleted ca.crt before trying again. There doesn't seem to be > > a certificate in /etc/pki/nssdb for it. > > > > > > > > [root@data2-uat ipa]# certutil -L -d /etc/pki/nssdb > > > > > > Certificate Nickname Trust > Attributes > > > > > SSL,S/MIME,JAR/XPI > > > > > > [root@data2-uat ipa]# certutil -D -n 'IPA CA' -d /etc/pki/nssdb > > > > certutil: could not find certificate named "IPA CA": > > SEC_ERROR_BAD_DATABASE: security library: bad database. > > > > [root@data2-uat ipa]# ls > > > > [root@data2-uat ipa]# pwd > > > > /etc/ipa > > > > [root@data2-uat ipa]# ls -al > > > > total 16 > > > > drwxr-xr-x. 2 root root 4096 Dec 5 21:16 . > > > > drwxr-xr-x. 82 root root 12288 Dec 5 21:16 .. > > > > [root@data2-uat ipa]# > > So trying to install the client again fails or succeeds now? > > rob > > > > > On Fri, Dec 5, 2014 at 4:03 PM, Rob Crittenden > <rcrit...@redhat.com <mailto:rcrit...@redhat.com>> wrote: > >> Rob Crittenden wrote: > >>> Megan . wrote: > >>>> Good Day! > >>>> > >>>> I am getting an error when i register new clients. > >>>> > >>>> libcurl failed to execute the HTTP POST transaction. SSL > connect error > >>>> > >>>> I can't find anything useful not the internet about the error. Can > >>>> someone help me troubleshoot? > >>>> > >>>> CentOS 6.6 x64 > >>>> ipa-client-3.0.0-42.el6.centos.x86_64 > >>>> ipa-server-3.0.0-42.el6.centos.x86_64 > >>>> curl-7.19.7-40.el6_6.1.x86_64 > >>> > >>> Do you have NSS_DEFAULT_DB_TYPE set to sql? I don't know that > we've done > >>> any testing on the client with this set. > >> > >> Never mind, that's not it. The problem is: > >> > >> * NSS error -8054 > >> > >> Which is SEC_ERROR_REUSED_ISSUER_AND_SERIAL > >> > >> So I'd do this: > >> > >> # rm /etc/ipa/ca.crt > >> > >> You may also want to ensure that the IPA CA certificate isn't in > >> /etc/pki/nssdb: > >> > >> # certutil -L -d /etc/pki/nssdb > >> > >> And then perhaps > >> > >> # certutil -D -n 'IPA CA' -d /etc/pki/nssdb > >> > >> rob > >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project