-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello!
I've successfully create replica, everything works fine but why my signed CA certificate didn't automatically transfer to another replica(s)? Is it normal? Trying to add manually, but the certificate in replica(s) still using self-signed. Here's the output from `ipa-certupdate -v` https://paste.fedoraproject.org/paste/U53pyXUa7Z34kLfiKh1QKV5M1UNdIGYhyR LivL9gydE= Interesting line was : ipa: DEBUG: stderr= ipa: DEBUG: Starting external process ipa: DEBUG: args=/usr/bin/certutil -d /etc/ipa/nssdb -L -n IPA CA -a ipa: DEBUG: Process finished, return code=255 ipa: DEBUG: stdout= ipa: DEBUG: stderr=certutil: Could not find cert: IPA CA : PR_FILE_NOT_FOUND_ERROR: File not found ipa: DEBUG: Starting external process ipa: DEBUG: args=/usr/bin/certutil -d /etc/ipa/nssdb -L -n External CA cert -a ipa: DEBUG: Process finished, return code=255 ipa: DEBUG: stdout= ipa: DEBUG: stderr=certutil: Could not find cert: External CA cert : PR_FILE_NOT_FOUND_ERROR: File not found FYI: The replica server previously was a client and promoted to be a replica by hitting this command: `ipa-replica-install --principal admin --admin-password admin_password` Any hints? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQI4BAEBCAAiBQJY+w2NGxxkZXdhbmdnYWJhQHh0cmVtZW5pdHJvLm9yZwAKCRDl f9IgoCjNcFn2EACjKLkv3XokuWsJwjXSyKV3IP6Gh54Os/bNVkAS5rBb5unRl/BQ FG1eV5/Mgq0kSBbbC5C1qvXwSjeaJMjul0ssJ+fldL4d0S+S+s/nos7BsyjZZaQV VP1c4iRrCUeHt//FdTaN9AslsW+2IUlKQ5qFBX+1cN8Kc4Q9yIBmr4e1p94dJCnu z8Fwe/RZS1e69QOWLdfNYsEhGiwXKVqyWaX139kvpOXOaj41yehC0Zzkli6HxpFu lypSRHFAPYLt9fWS0pglPk3PQFLlGC5bNYLTFdADeVn1siME6eZl09+cUUFp2o79 bF2/7+g98QExJ9LY6IxUrrvgvc42c9dX7SY2GU1niEIyxcwXbxt8gWoY91YjEIGX Ibq5vc6FnsQB2rN3L+nO5WvwimH4wEqnFU1YJ+dDh+A80G25JQuLZ4ZBYsuH7rVE T0TH9KEYD8BR46ca9prhv1WNVt0wDDgfWRLc6afLBdJ2eUrx7uXijauyibevc1mI X2OfKELlejsrcDb6hyoS3z18cOES9oJmfpsrNdxGi2X59HVp1o67R4QprQ9ZrGld Eb4njQRXF45O4ZSWT6tGteltf1KVKfoKaxL41S8DPf3wY1JFy/OmtYjNx5fSLcPL b+TRSimv5q6YWIw5/mqmVlsdife5XnFTGSIBBOkssLx0qnqcpCetuoCnQw== =jRl3 -----END PGP SIGNATURE----- -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project