On 07/22/2016 05:08 AM, Devin Acosta wrote:

I have just installed a newly created FreeIPA server running CentOS 7.2.
I have a (wildcard) SSL Certificate that I want to use for the FreeIPA
Web Management GUI. I tried to follow the directions listed here at the
of https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
however when I run those steps I get the error message:

ipa-server-certinstall -w -d star.linuxstack.cloud.key
Directory Manager password:

Enter private key unlock password:

org.fedorahosted.certmonger.duplicate: Certificate at same location is
already used by request with nickname "20160722021526".

Any ideas? It seems like I need to somehow just get the one installed by
default replaced. I don't see any information on how to just replace it?

Hi Devin,

you may be hitting issue 4785 [1]. When ipa-server-certinstall is run, it does not stop tracking the previous server certificate and fails to start tracking the new cert.

As a side note, with -w -d you are replacing both the directory server certificate and the Web Management GUI certificate. If you only want to replace the web cert, you can drop the -d option.


[1] https://fedorahosted.org/freeipa/ticket/4785

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to