[Freeipa-users] Re: CA server install on existing server fails - FreeIPA 4.5.0
Oh. I'm sorry I misunderstood.

[jseekins@ops-freeipa-ops-1 ~]$ sudo yum list ipa-server
[sudo] password for jseekins:
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
Installed Packages
ipa-server.x86_64    4.5.0-22.el7_4    @rhui-REGION-rhel-server-releases

On Tue, Mar 6, 2018 at 12:25 PM Rob Crittenden <rcrit...@redhat.com> wrote:

> John Seekins wrote:
> > Rob,
> > Fraser did answer my question, but...
> > As the initial email topic notes, this is FreeIPA 4.5.0. And yes, I was
> > trying to convert from CA-less to CA-full install.
> > And Fraser found the exact problem I was running into.
>
> Right, Fraser fixed this upstream in master to happen automatically.
>
> I asked so I could check whether this had been backported so I was
> looking for the exact release you were using (e.g.
> [free]ipa-server-4.5-0.x.y.z).
>
> Either way glad it's working now.
>
> rob
>
> > On Tue, Mar 6, 2018 at 11:58 AM Rob Crittenden <rcrit...@redhat.com
> > <mailto:rcrit...@redhat.com>> wrote:
> >
> > John Seekins via FreeIPA-users wrote:
> > > On a RHEL 7 box, I installed the ipa-server package and set up a
> > > server without a CA successfully. Then I tried to manually add the
> > > CA functionality afterwards and, while the install appeared to work,
> > > the server can't properly access the dogtag instance through the
> > > proxy, which breaks a lot of functionality.
> > >
> > > Logs here:
> > > https://gist.github.com/johnseekins/d1a117c568f7895ec0e7fa588aba745d
> > >
> > > What am I doing wrong here?
> >
> > What version of IPA is this? Are you trying to do a CA-less install and
> > converting it to a CA-ful install?
> >
> > rob

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: CA server install on existing server fails - FreeIPA 4.5.0
Rob,
Fraser did answer my question, but...
As the initial email topic notes, this is FreeIPA 4.5.0. And yes, I was trying to convert from CA-less to CA-full install.
And Fraser found the exact problem I was running into.

On Tue, Mar 6, 2018 at 11:58 AM Rob Crittenden <rcrit...@redhat.com> wrote:

> John Seekins via FreeIPA-users wrote:
> > On a RHEL 7 box, I installed the ipa-server package and set up a server
> > without a CA successfully. Then I tried to manually add the CA
> > functionality afterwards and, while the install appeared to work, the
> > server can't properly access the dogtag instance through the proxy, which
> > breaks a lot of functionality.
> >
> > Logs here:
> > https://gist.github.com/johnseekins/d1a117c568f7895ec0e7fa588aba745d
> >
> > What am I doing wrong here?
>
> What version of IPA is this? Are you trying to do a CA-less install and
> converting it to a CA-ful install?
>
> rob

[Freeipa-users] Re: CA server install on existing server fails - FreeIPA 4.5.0
Alright. Thanks for looking into it.

[Freeipa-users] Re: CA server install on existing server fails - FreeIPA 4.5.0
Manually installing the cert at /etc/ipa/ca.cert and restarting Apache fixes the error, but it seems like whenever a cert renewal happens, I'll have to manually update it again. Which seems brittle.