On 08/06/2015 04:10 PM, David Dejaeghere wrote: > Hello Guys, > > I was able to resolve this today. > My webserver and dirsrv certificate were expired yesterday and trying to > replace them gave me the same error "ERROR: (SEC_ERROR_LIBRARY_FAILURE) > security library failure." > So I tried some things to resolve this. > The trick was to replace /etc/ipa/ca.crt with the godaddy file "gdig2" which > only has 1 certificare. This file you can get while downloading your > certificate from godaddy. Then I had to add the bundle from godaddy, file > gd_bundle-g2-g1 into my server cert. > This made both the command ipa-server-certinstall and ipa-replicate-prepare > finish as expected! > > Hope this helps. I saw somebody else with a very similar issue. > > Kind Regards, > > D
Yeah, the source of this issue appears to be a wrong /etc/ipa/ca.crt created during ipa-server-install. I was able to work around it with: ipa-certupdate Which wrote out a correct /etc/ipa/ca.crt. See https://fedorahosted.org/freeipa/ticket/5117#comment:16 -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane [email protected] Boulder, CO 80301 http://www.nwra.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
