[Freeipa-users] Re: Can't create new CA replica

2017-11-17 Thread John Bowman via FreeIPA-users
Running in debug mode definitely shows a recently expired cert and running it again this time only shows the correct hostname now unlike before. Is this cert something that I can regenerate/renew? I'll find out about getting a new host to test with as well. [root@ipa1 ~]# ipa-replica-prepare

[Freeipa-users] Re: Can't create new CA replica

2017-11-16 Thread Rob Crittenden via FreeIPA-users
john.bowman--- via FreeIPA-users wrote: > Still looking for any ideas on this one so giving it a bump. Next time please don't wipe out all the context. Fraser, it seems to be having a problem connecting to the security domain. The full thread is at

[Freeipa-users] Re: Can't create new CA replica

2017-11-16 Thread john.bowman--- via FreeIPA-users
Still looking for any ideas on this one so giving it a bump. ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: Can't create new CA replica

2017-10-30 Thread john.bowman--- via FreeIPA-users
I've finally had a chance to make this attempt and after running the clean up: # python /usr/share/pki/scripts/restore-subsystem-user.py -v Subsystem certificate: 2;4;CN=Certificate Authority,O=DOMAIN.TLD;CN=CA Subsystem,O=DOMAIN.TLD -BEGIN CERTIFICATE- *snip* -END CERTIFICATE-

[Freeipa-users] Re: Can't create new CA replica

2017-08-18 Thread Petr Vobornik via FreeIPA-users
On Tue, Aug 15, 2017 at 7:57 PM, john.bowman--- via FreeIPA-users wrote: > Looks like I missed your answers. > > Question: Do I need to run that command on all RHEL6 CA servers or just one > of them? (We currently have 2 RHEL 6 CA servers.) Which command?

[Freeipa-users] Re: Can't create new CA replica

2017-08-15 Thread john.bowman--- via FreeIPA-users
Looks like I missed your answers. Question: Do I need to run that command on all RHEL6 CA servers or just one of them? (We currently have 2 RHEL 6 CA servers.) Thank you for the reply! ___ FreeIPA-users mailing list --

[Freeipa-users] Re: Can't create new CA replica

2017-08-02 Thread Fraser Tweedale via FreeIPA-users
On Thu, Jul 06, 2017 at 02:17:40PM -0400, Rob Crittenden wrote: > john.bowman--- via FreeIPA-users wrote: > > Since taking over our FreeIPA environment I've been unable to create a new > > CA replica. A bunch of failed attempts and upgrades over the last year and > > I keep running in to

[Freeipa-users] Re: Can't create new CA replica

2017-07-06 Thread Rob Crittenden via FreeIPA-users
john.bowman--- via FreeIPA-users wrote: > Since taking over our FreeIPA environment I've been unable to create a new CA > replica. A bunch of failed attempts and upgrades over the last year and I > keep running in to issues. After my latest attempt I noticed something that > I had not seen