On 2014-08-28 10:58, Nicklas Björk wrote:
2014-08-27T14:45:19Z DEBUG stderr=pkispawn: WARNING ... unable
to validate security domain user/password through REST interface.
Interface not available
Digging a bit further I found the following in
/var/lib/pki-ca/logs/debug on the FreeIPA
I have been following this thread with great interest, as I have
encountered similar problems with our migration from 3.0.0-37 on CentOS
6.5 to 3.3.3-28 on CentOS 7. I have been able to solve a few of them
with manual patching, but there is still something going on that will
make the CA
Thanks for sticking in there with the debugging.
Let us know if you run into any issues with the re-install.
I will open a Dogtag ticket to look into the multiple certs issue for
Dogtag.
Ade
On Tue, 2014-08-05 at 21:30 -0700, Erinn Looney-Triggs wrote:
Ok I am throwing up the white flag on
On 08/05/2014 12:03 AM, Erinn Looney-Triggs wrote:
On 08/04/2014 01:51 PM, Ade Lee wrote:
OK - I suspect you may be running into an issue with serial number
generation. Each time we install a clone, we end up allocating a new
range of serial numbers for the clone.
The idea is to keep
On 08/04/2014 10:41 PM, Erinn Looney-Triggs wrote:
On 08/04/2014 08:46 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 08/04/2014 04:01 AM, Martin Kosek wrote:
On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
Whether related or not I am getting the following in my
RHEL 6.5 IPA
On Tue, 2014-08-05 at 09:08 +0200, Martin Kosek wrote:
On 08/05/2014 12:03 AM, Erinn Looney-Triggs wrote:
On 08/04/2014 01:51 PM, Ade Lee wrote:
OK - I suspect you may be running into an issue with serial number
generation. Each time we install a clone, we end up allocating a new
range
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Here you go: dbs.beginReplicaNumber=1 dbs.beginRequestNumber=1
dbs.beginSerialNumber=1 dbs.enableSerialManagement=true
dbs.endReplicaNumber=50 dbs.endRequestNumber=990
dbs.endSerialNumber=ff6 dbs.ldap=internaldb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2014 01:51 PM, Ade Lee wrote:
OK - I suspect you may be running into an issue with serial number
generation. Each time we install a clone, we end up allocating a
new range of serial numbers for the clone.
The idea is to keep
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ok I am throwing up the white flag on this one and starting anew.
Clearly there are several things broken down there in the murky
depths, and well I just don't trust my install all that much at this
point.
Thanks for all the help I really
On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
Whether related or not I am getting the following in my RHEL 6.5
IPA instance /var/log/dirsrv/slapd-PKI-CA/debug log:
[26/Jul/2014:20:23:23 +] slapi_ldap_bind - Error: could not
send startTLS re quest: error -1 (Can't contact
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2014 08:46 AM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 08/04/2014 04:01 AM, Martin Kosek wrote:
On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
Whether related or not I am getting the following in my
RHEL 6.5 IPA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2014 01:51 PM, Ade Lee wrote:
OK - I suspect you may be running into an issue with serial number
generation. Each time we install a clone, we end up allocating a
new range of serial numbers for the clone.
The idea is to keep
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/30/2014 02:31 PM, Ade Lee wrote:
On Tue, 2014-07-29 at 17:49 -0700, Erinn Looney-Triggs wrote:
Ok, well I tried deleting it using certutil it deletes both,
I tried using keytool to see if it would work any better, no
dice there. I'll
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Whether related or not I am getting the following in my RHEL 6.5
IPA instance /var/log/dirsrv/slapd-PKI-CA/debug log:
[26/Jul/2014:20:23:23 +] slapi_ldap_bind - Error: could not
send startTLS re quest: error -1 (Can't contact LDAP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/30/2014 02:31 PM, Ade Lee wrote:
On Tue, 2014-07-29 at 17:49 -0700, Erinn Looney-Triggs wrote:
Ok, well I tried deleting it using certutil it deletes both,
I tried using keytool to see if it would work any better, no
dice there. I'll
On Tue, 2014-07-29 at 17:49 -0700, Erinn Looney-Triggs wrote:
Ok, well I tried deleting it using certutil it deletes both, I
tried using keytool to see if it would work any better, no dice
there. I'll try the rename, but at this point I am not holding my
breath on that, it seems all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ok, well I tried deleting it using certutil it deletes both, I
tried using keytool to see if it would work any better, no dice
there. I'll try the rename, but at this point I am not holding my
breath on that, it seems all operation are a bit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 08:04 AM, Ade Lee wrote:
On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 07:17 AM, Rob Crittenden wrote:
Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 07/27/2014 12:02 AM, Erinn Looney-Triggs
On Mon, 2014-07-28 at 08:26 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 08:04 AM, Ade Lee wrote:
On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 07:17 AM, Rob Crittenden wrote:
Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 07/27/2014 12:02 AM, Erinn
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 11:07 AM, Ade Lee wrote:
On Mon, 2014-07-28 at 08:26 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 08:04 AM, Ade Lee wrote:
On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 07:17 AM, Rob Crittenden
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 11:07 AM, Ade Lee wrote:
On Mon, 2014-07-28 at 08:26 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 08:04 AM, Ade Lee wrote:
On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 07:17 AM, Rob Crittenden
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the journal.
When investigating the cacert.p12 file that is bundled up for
the replica's I see two caSigningCert's. One is the older one,
before I renewed and one is the new,
On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the journal.
When investigating the cacert.p12 file that is bundled up for
the replica's I see two caSigningCert's. One is the older one,
before I renewed and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 12:20 PM, Ade Lee wrote:
On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the journal.
When investigating the cacert.p12 file that is bundled up
for
Erinn Looney-Triggs wrote:
On 07/28/2014 12:20 PM, Ade Lee wrote:
On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the journal.
When investigating the cacert.p12 file that is bundled up
for the replica's I see two
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 12:56 PM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 07/28/2014 12:20 PM, Ade Lee wrote:
On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 12:20 PM, Ade Lee wrote:
On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the journal.
When investigating the cacert.p12 file that is bundled up
for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 12:56 PM, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
On 07/28/2014 12:20 PM, Ade Lee wrote:
On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/26/2014 07:12 PM, Erinn Looney-Triggs wrote:
On 07/26/2014 05:25 PM, Erinn Looney-Triggs wrote:
Well it hasn't been all the pretty trying to move from RHEL 6.5
to RHEL 7.
I have two servers providing my ipa instances ipa and ipa2.
Given
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/27/2014 12:02 AM, Erinn Looney-Triggs wrote:
On 07/26/2014 07:12 PM, Erinn Looney-Triggs wrote:
On 07/26/2014 05:25 PM, Erinn Looney-Triggs wrote:
Well it hasn't been all the pretty trying to move from RHEL
6.5 to RHEL 7.
I have two
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/26/2014 05:25 PM, Erinn Looney-Triggs wrote:
Well it hasn't been all the pretty trying to move from RHEL 6.5 to
RHEL 7.
I have two servers providing my ipa instances ipa and ipa2. Given
that I don't have a great deal of spare capacity
31 matches
Mail list logo