On 05/19/2015 12:53 PM, Martin Kosek wrote:
> On 05/19/2015 04:04 AM, Dewangga Bachrul Alam wrote:
>> Hello!
>> I'm trying to reinstall ipa client, but have a problem with old/existing
>> ca.crt in `/etc/ipa/ca.crt`. Should I remove it manually? Since the IPA
>> server still on development and always reinstalled, I need to reproduce
>> any possible problem/error on FreeIPA 4.x on CentOS 7.
>> The error was :
>> LDAP Error: Connect error: TLS error -8054:You are attempting to import
>> a cert with the same issuer/serial as an existing cert, but that is not
>> the same cert.
>> Currently, I was renamed ca.crt to ca.crt.old and the ipa client
>> successfully reconnected to new FreeIPA Server using dns discovery.
>> Is it normal? And why the ipa-client-install --uninstall didn't
>> completely remove the old ca.crt?
> Hello,
> ipa-client-install uninstall the CA certificate properly since FreeIPA
> 3.2. This is the upstream ticket:
> https://fedorahosted.org/freeipa/ticket/3537
> CentOS/RHEL speaking, this should be thus fixed in 7.0+. In 6.x
> versions, you need to delete the certificate manually if you reinstalled
> the IPA server.
> HTH,
> Martin

Could you gimme advice, which version is suitable on production? 3.x or
4.x ?.Or is there any release timeline for FreeIPA version (like EOL, etc).

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to