Next stage of my testing was to make a replica of the FreeIPA server,
and I started by doing a 'yum install ipa-server' and then moved on to
adding the host to the ipaservers group.  This fails every time
however, with the error:

ipa: ERROR: cannot connect to
(SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
unsupported format.

Searches on this seem to turn up things like expired certificates, or
"reboot httpd" (I went ahead and rebooted the whole ipa server), but
nothing concrete.  Suggestions?  Everything (server and soon-to-be
replica) running RHEL7.3 with all updates.

Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to