Re: [Freeipa-users] While attempting to make a replica....I get this failure....
=== [root@fed14-64-ipam001 init.d]# certutil -L -d /etc/httpd/alias Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Signing-Cert u,u,u IPA.AC.NZ IPA CA CT,C,C ipaCert u,u,u Server-Cert u,u,u [root@fed14-64-ipam001 init.d]# === regards On Mon, 2011-02-28 at 10:50 -0500, Rob Crittenden wrote: > Steven Jones wrote: > > > > [root@fed14-64-ipam001 jonesst1]# ipa-replica-prepare > > fed14-64-ipam002.ipa.ac.nz > > Directory Manager (existing master) password: > > > > Preparing replica for fed14-64-ipam002.ipa.ac.nz from > > fed14-64-ipam001.ipa.ac.nz > > Creating SSL certificate for the Directory Server > > ipa: INFO: sslget > > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient' > > Creating SSL certificate for the Web Server > > ipa: INFO: sslget > > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient' > > preparation of replica failed: cannot connect to > > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': > > [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or > > key necessary for authentication. > > cannot connect to > > 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': > > [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or > > key necessary for authentication. > >File "/usr/sbin/ipa-replica-prepare", line 431, in > > main() > > > >File "/usr/sbin/ipa-replica-prepare", line 363, in main > > export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "httpcert", > > replica_fqdn, subject_base) > > > >File "/usr/sbin/ipa-replica-prepare", line 136, in export_certdb > > raise e > > > > > > If I go to the URL I get, > > > > > > > > The Certificate System has encountered an unrecoverable error. > > > > Error Message: > > java.lang.NullPointerException > > > > Please contact your local administrator for assistance. > > > > > > ??? > > > > regards > > Can you provide the output of: > > # certutil -L -d /etc/httpd/alias > > During installation dogtag provides us with an RA agent certificate that > we use to communicate with the CA. This certificate should be stored in > /etc/httpd/alias. > > rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] While attempting to make a replica....I get this failure....
Steven Jones wrote: [root@fed14-64-ipam001 jonesst1]# ipa-replica-prepare fed14-64-ipam002.ipa.ac.nz Directory Manager (existing master) password: Preparing replica for fed14-64-ipam002.ipa.ac.nz from fed14-64-ipam001.ipa.ac.nz Creating SSL certificate for the Directory Server ipa: INFO: sslget 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient' Creating SSL certificate for the Web Server ipa: INFO: sslget 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient' preparation of replica failed: cannot connect to 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication. cannot connect to 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication. File "/usr/sbin/ipa-replica-prepare", line 431, in main() File "/usr/sbin/ipa-replica-prepare", line 363, in main export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "httpcert", replica_fqdn, subject_base) File "/usr/sbin/ipa-replica-prepare", line 136, in export_certdb raise e If I go to the URL I get, The Certificate System has encountered an unrecoverable error. Error Message: java.lang.NullPointerException Please contact your local administrator for assistance. ??? regards Can you provide the output of: # certutil -L -d /etc/httpd/alias During installation dogtag provides us with an RA agent certificate that we use to communicate with the CA. This certificate should be stored in /etc/httpd/alias. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] While attempting to make a replica....I get this failure....
[root@fed14-64-ipam001 jonesst1]# ipa-replica-prepare fed14-64-ipam002.ipa.ac.nz Directory Manager (existing master) password: Preparing replica for fed14-64-ipam002.ipa.ac.nz from fed14-64-ipam001.ipa.ac.nz Creating SSL certificate for the Directory Server ipa: INFO: sslget 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient' Creating SSL certificate for the Web Server ipa: INFO: sslget 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient' preparation of replica failed: cannot connect to 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication. cannot connect to 'https://fed14-64-ipam001.ipa.ac.nz:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -12285] (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication. File "/usr/sbin/ipa-replica-prepare", line 431, in main() File "/usr/sbin/ipa-replica-prepare", line 363, in main export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "httpcert", replica_fqdn, subject_base) File "/usr/sbin/ipa-replica-prepare", line 136, in export_certdb raise e If I go to the URL I get, The Certificate System has encountered an unrecoverable error. Error Message: java.lang.NullPointerException Please contact your local administrator for assistance. ??? regards ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users