> -----Original Message-----
> From: Fraser Tweedale [mailto:ftwee...@redhat.com]
> Sent: Wednesday, 23 September 2015 10:59 AM
> To: Les Stott
> Cc: Winfried de Heiden; email@example.com
> Subject: Re: [Freeipa-users] sec_error_reused_issuer_and_serial
> On Tue, Sep 22, 2015 at 09:52:38PM +0000, Les Stott wrote:
> > The only way to get around it, because you are using the same domain
> > name, is to use different browsers to visit each site.
> > Firefox for sitea, chrome for siteb.
> It is not the only way; you can flush your browser cache / offline data for
> site and cause the browswer to forget about the issuer.
> Certainly with Firefox this is possible (I don't use Chromium).
This never worked for me. Or if it did, it made siteb accessible, but then
sitea had the ssl error and vice versa.
> Or you can use separate Firefox profiles (again I am unsure if Chromium has
> this feature) for the separate installations.
> Or for installations / experimentation, you can specify a different
> "Organization" component of the root issuer DN when installing FreeIPA. I
> include a "timestamp" when installing test servers:
> ipa-server-install --subject 'O=IPA.LOCAL 201508311610'
Never knew about that option. It would make sense if something like that was
the default I think....
Thanks for the info.
> Hope that helps!
> > It's got to do with the fact that the Parent certificate name (generated
> automatically during install) is the same on both and because the domain
> matches then firefox throws the ssl warning.
> > I have the same thing in my environments for production and dr where the
> domain name is the same in both.
> > Regards,
> > Les
> > From: freeipa-users-boun...@redhat.com
> > [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Winfried de
> > Heiden
> > Sent: Tuesday, 22 September 2015 10:27 PM
> > To: firstname.lastname@example.org
> > Subject: [Freeipa-users] sec_error_reused_issuer_and_serial
> > Hi all,
> > Playing around with freeipa on Fedora 22 after installing I cannot access
> > the
> UI. Firefox will tell "sec_error_reused_issuer_and_serial".
> > I allready have an Freeipa (Fedora 21 based) and somewhere there seems
> to be a conflict in the certificates. After using a different domain name all
> goes well.
> > I want to test and try a few things on a test Freeipa server using the same
> domain name. Deleting all certicates in Firefox or even trying a new and clean
> profile did not help. How can I avoid this conflict?
> > Winfried
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project