On 23/12/2016 09:47, Brian Candler wrote:
/etc/pki/pki-tomcat/ca/CS.cfg:ca.defaultOcspUri=http://ipa-ca.bar.example.com/ca/ocsp
However the installation process didn't actually create this DNS
entry, so the ipa-ca hostname is not resolvable.
Aside: I think this was because ipatest.foo.example.com was only in
/etc/hosts, not in the DNS. Installation message:
ipa : ERROR unable to resolve host name
ipatest.foo.example.com. to IP address, ipa-ca DNS record will be incomplete
But if it had used gethostent() or similar, it would have worked:
# getent hosts ipatest.foo.example.com
100.64.2.3 ipatest.foo.example.com ipatest
Regards,
Brian.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project