Hi all,

Including a "timestamp" when installing test servers like "ipa-server-install --subject 'O=IPA.LOCAL 201508311610'....." looks promising. I will try that!

Kind regards,

Winfried



Op 23-09-15 om 02:59 schreef Fraser Tweedale:
On Tue, Sep 22, 2015 at 09:52:38PM +0000, Les Stott wrote:
The only way to get around it, because you are using the same
domain name, is to use different browsers to visit each site.
Firefox for sitea, chrome for siteb.

It is not the only way; you can flush your browser cache / offline
data for the site and cause the browswer to forget about the issuer.
Certainly with Firefox this is possible (I don't use Chromium).

Or you can use separate Firefox profiles (again I am unsure if
Chromium has this feature) for the separate installations.

Or for installations / experimentation, you can specify a different
"Organization" component of the root issuer DN when installing
FreeIPA.  I include a "timestamp" when installing test servers:

     ipa-server-install --subject 'O=IPA.LOCAL 201508311610'

Hope that helps!
Fraser

It's got to do with the fact that the Parent certificate name (generated 
automatically during install) is the same on both and because the domain 
matches then firefox throws the ssl warning.

I have the same thing in my environments for production and dr where the domain 
name is the same in both.

Regards,

Les

From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Winfried de Heiden
Sent: Tuesday, 22 September 2015 10:27 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] sec_error_reused_issuer_and_serial

Hi all,

Playing around with freeipa on Fedora 22 after installing I cannot access the UI. Firefox 
will tell "sec_error_reused_issuer_and_serial".

I allready have an Freeipa (Fedora 21 based) and somewhere there seems to be a 
conflict in the certificates. After using a different domain name all goes well.

I want to test and try a few things on a test Freeipa server using the same 
domain name. Deleting all certicates in Firefox or even trying a new and clean 
profile did not help. How can I avoid this conflict?

Winfried

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to