Re: [Freeipa-users] ipa-replica-prepare failing

Thu, 09 Apr 2015 07:20:45 -0700 

David Dejaeghere wrote:
> Hi,
> 
> Does somebody have any pointers for me regarding this issue?

It would help very much if you'd include the version you're working
with. Based on line numbers I'll assume IPA 4.1.

It's hard to say since you don't include the command-line you're using,
or what those files consist of.

It looks like it is blowing up trying to verify that the whole
certificate chain is available. NSS unfortunately doesn't always provide
the best error messages so it's hard to say why this particular cert
can't be loaded.

rob

> 
> Regards,
> 
> D
> 
> 2015-04-07 13:34 GMT+02:00 David Dejaeghere <[email protected]
> <mailto:[email protected]>>:
> 
>     Hello,
> 
>     I am trying to setup a replica for my master which has been setup
>     with an external CA to use our godaddy wildcard certificate.
>     The ipa-replica-prepare is failing with the following debug information.
>     I am using --http-cert  and --dirsrv-cert with my pk12 server
>     certificate.
>     What can I verify to get an idea of what is going wrong?
> 
>     ipa: DEBUG: stderr=
>     ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG:  
>     File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line
>     169, in execute
>         self.ask_for_options()
>       File
>     
> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py",
>     line 276, in ask_for_options
>         options.http_cert_name)
>       File
>     
> "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_replica_prepare.py",
>     line 176, in load_pkcs12
>         host_name=self.replica_fqdn)
>       File
>     "/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line
>     785, in load_pkcs12
>         nss_cert = x509.load_certificate(cert, x509.DER)
>       File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 128,
>     in load_certificate
>         return nss.Certificate(buffer(data))
> 
>     ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: DEBUG: The
>     ipa-replica-prepare command failed, exception: NSPRError:
>     (SEC_ERROR_LIBRARY_FAILURE) security library failure.
>     ipa.ipaserver.install.ipa_replica_prepare.ReplicaPrepare: ERROR:
>     (SEC_ERROR_LIBRARY_FAILURE) security library failure.
> 
>     Regards,
> 
>     D
> 
> 
> 
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to