I already had to do that previously to get other things to work; I had
solved it by changing line 582 of
/usr/lib/python2.7/site-packages/ipaserver/install/cainstance.py from
"::1" to "localhost" before installing the server.  I did do this on
the to-be-promoted client as well, to no avail.

On Thu, Feb 23, 2017 at 4:25 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Steve Huston wrote:
>> Next stage of my testing was to make a replica of the FreeIPA server,
>> and I started by doing a 'yum install ipa-server' and then moved on to
>> adding the host to the ipaservers group.  This fails every time
>> however, with the error:
>>
>> ipa: ERROR: cannot connect to
>> 'https://ipa.astro.princeton.edu/ipa/json':
>> (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
>> unsupported format.
>>
>> Searches on this seem to turn up things like expired certificates, or
>> "reboot httpd" (I went ahead and rebooted the whole ipa server), but
>> nothing concrete.  Suggestions?  Everything (server and soon-to-be
>> replica) running RHEL7.3 with all updates.
>>
>
> See the workaround in https://fedorahosted.org/freeipa/ticket/6575#comment:9
>
> rob



-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to