Hi Honza, That gave me the exact same output. Any ideas?
Regards, D 2015-04-15 7:33 GMT+02:00 Jan Cholasta <jchol...@redhat.com>: > Hi, > > Dne 14.4.2015 v 19:47 Rob Crittenden napsal(a): > >> David Dejaeghere wrote: >> >>> Hi Rob, >>> >>> So you want to output of the command using pk12 with server cert and >>> key? or with the ca chain in there too? >>> >>> >> Oddly enough it is failing in exactly the same place. Those GoDaddy CA >> certs are still being loaded from somewhere, I'm not sure where, and I >> suspect that is the source of the problem. >> > > They are in the default CA certificate bundle (in the ca-certificate > package). I guess NSS loads it automatically. > > >> I'm going to forward the log to a colleague who has worked on this code >> more recently than I have. Maybe he will have an idea. >> > > Could you try if the following works? > > # mv /usr/share/pki/ca-trust-source/ca-bundle.trust.crt > /root/ca-bundle.trust.crt > > # update-ca-trust > > # ipa-replica-prepare ... > > # mv /root/ca-bundle.trust.crt /usr/share/pki/ca-trust- > source/ca-bundle.trust.crt > > # update-ca-trust > > >> rob >> >> > Honza > > -- > Jan Cholasta >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project