Hello! On 05/19/2015 12:53 PM, Martin Kosek wrote: > On 05/19/2015 04:04 AM, Dewangga Bachrul Alam wrote: >> Hello! >> >> I'm trying to reinstall ipa client, but have a problem with old/existing >> ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually? Since the IPA >> server still on development and always reinstalled, I need to reproduce >> any possible problem/error on FreeIPA 4.x on CentOS 7. >> >> The error was : >> LDAP Error: Connect error: TLS error -8054:You are attempting to import >> a cert with the same issuer/serial as an existing cert, but that is not >> the same cert. >> >> Currently, I was renamed ca.crt to ca.crt.old and the ipa client >> successfully reconnected to new FreeIPA Server using dns discovery. >> >> Is it normal? And why the ipa-client-install --uninstall didn't >> completely remove the old ca.crt? > > Hello, > > ipa-client-install uninstall the CA certificate properly since FreeIPA > 3.2. This is the upstream ticket: > https://fedorahosted.org/freeipa/ticket/3537 > > CentOS/RHEL speaking, this should be thus fixed in 7.0+. In 6.x > versions, you need to delete the certificate manually if you reinstalled > the IPA server. > > HTH, > Martin
Could you gimme advice, which version is suitable on production? 3.x or 4.x ?.Or is there any release timeline for FreeIPA version (like EOL, etc). -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project