On 08/06/2015 04:10 PM, David Dejaeghere wrote:
> Hello Guys,
> 
> I was able to resolve this today.
> My webserver and dirsrv certificate were expired yesterday and trying to
> replace them gave me the same error "ERROR: (SEC_ERROR_LIBRARY_FAILURE)
> security library failure."
> So I tried some things to resolve this.
> The trick was to replace /etc/ipa/ca.crt with the godaddy file "gdig2" which
> only has 1 certificare. This file you can get while downloading your
> certificate from godaddy. Then I had to add the bundle from godaddy, file
> gd_bundle-g2-g1 into my server cert.
> This made both the command ipa-server-certinstall and ipa-replicate-prepare
> finish as expected!
> 
> Hope this helps. I saw somebody else with a very similar issue.
> 
> Kind Regards,
> 
> D

Yeah, the source of this issue appears to be a wrong /etc/ipa/ca.crt created
during ipa-server-install.  I was able to work around it with:

ipa-certupdate

Which wrote out a correct /etc/ipa/ca.crt.

See https://fedorahosted.org/freeipa/ticket/5117#comment:16


-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to