Re: [Freeipa-users] sec_error_reused_issuer_and_serial

Tue, 22 Sep 2015 18:03:08 -0700 

On Tue, Sep 22, 2015 at 09:52:38PM +0000, Les Stott wrote:
> The only way to get around it, because you are using the same
> domain name, is to use different browsers to visit each site.
> Firefox for sitea, chrome for siteb.
> 
It is not the only way; you can flush your browser cache / offline
data for the site and cause the browswer to forget about the issuer.
Certainly with Firefox this is possible (I don't use Chromium).

Or you can use separate Firefox profiles (again I am unsure if
Chromium has this feature) for the separate installations.

Or for installations / experimentation, you can specify a different
"Organization" component of the root issuer DN when installing
FreeIPA.  I include a "timestamp" when installing test servers:

    ipa-server-install --subject 'O=IPA.LOCAL 201508311610'

Hope that helps!
Fraser

> It's got to do with the fact that the Parent certificate name (generated 
> automatically during install) is the same on both and because the domain 
> matches then firefox throws the ssl warning.
> 
> I have the same thing in my environments for production and dr where the 
> domain name is the same in both.
> 
> Regards,
> 
> Les
> 
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Winfried de Heiden
> Sent: Tuesday, 22 September 2015 10:27 PM
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] sec_error_reused_issuer_and_serial
> 
> Hi all,
> 
> Playing around with freeipa on Fedora 22 after installing I cannot access the 
> UI. Firefox will tell "sec_error_reused_issuer_and_serial".
> 
> I allready have an Freeipa (Fedora 21 based) and somewhere there seems to be 
> a conflict in the certificates. After using a different domain name all goes 
> well.
> 
> I want to test and try a few things on a test Freeipa server using the same 
> domain name. Deleting all certicates in Firefox or even trying a new and 
> clean profile did not help. How can I avoid this conflict?
> 
> Winfried
> 

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to