On 2014-08-28 10:58, Nicklas Björk wrote:
> 2014-08-27T14:45:19Z DEBUG stderr=pkispawn: WARNING ... unable
> to validate security domain user/password through REST interface.
> Interface not available
Digging a bit further I found the following in
/var/lib/pki-ca/logs/debug on the FreeIPA
I have been following this thread with great interest, as I have
encountered similar problems with our migration from 3.0.0-37 on CentOS
6.5 to 3.3.3-28 on CentOS 7. I have been able to solve a few of them
with manual patching, but there is still something going on that will
make the CA replication
Thanks for sticking in there with the debugging.
Let us know if you run into any issues with the re-install.
I will open a Dogtag ticket to look into the multiple certs issue for
Dogtag.
Ade
On Tue, 2014-08-05 at 21:30 -0700, Erinn Looney-Triggs wrote:
> Ok I am throwing up the white flag on thi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Ok I am throwing up the white flag on this one and starting anew.
Clearly there are several things broken down there in the murky
depths, and well I just don't trust my install all that much at this
point.
Thanks for all the help I really appreciate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2014 01:51 PM, Ade Lee wrote:
> OK - I suspect you may be running into an issue with serial number
> generation. Each time we install a clone, we end up allocating a
> new range of serial numbers for the clone.
>
> The idea is to keep sep
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
>>>
>>>
>>> Here you go: dbs.beginReplicaNumber=1 dbs.beginRequestNumber=1
>>> dbs.beginSerialNumber=1 dbs.enableSerialManagement=true
>>> dbs.endReplicaNumber=50 dbs.endRequestNumber=990
>>> dbs.endSerialNumber=ff6 dbs.ldap=internaldb
On Tue, 2014-08-05 at 09:08 +0200, Martin Kosek wrote:
> On 08/05/2014 12:03 AM, Erinn Looney-Triggs wrote:
> > On 08/04/2014 01:51 PM, Ade Lee wrote:
> >> OK - I suspect you may be running into an issue with serial number
> >> generation. Each time we install a clone, we end up allocating a new
On 08/04/2014 10:41 PM, Erinn Looney-Triggs wrote:
> On 08/04/2014 08:46 AM, Rob Crittenden wrote:
>> Erinn Looney-Triggs wrote:
>>> On 08/04/2014 04:01 AM, Martin Kosek wrote:
On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
>
>
>
>
>> Whether related or not I am getting
On 08/05/2014 12:03 AM, Erinn Looney-Triggs wrote:
> On 08/04/2014 01:51 PM, Ade Lee wrote:
>> OK - I suspect you may be running into an issue with serial number
>> generation. Each time we install a clone, we end up allocating a new
>> range of serial numbers for the clone.
>
>> The idea is to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2014 01:51 PM, Ade Lee wrote:
> OK - I suspect you may be running into an issue with serial number
> generation. Each time we install a clone, we end up allocating a
> new range of serial numbers for the clone.
>
> The idea is to keep sep
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2014 08:46 AM, Rob Crittenden wrote:
> Erinn Looney-Triggs wrote:
>> On 08/04/2014 04:01 AM, Martin Kosek wrote:
>>> On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
> Whether related or not I am getting the fol
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2014 11:48 AM, Ade Lee wrote:
> OK - so its not really even getting started on the install. My
> guess is there is some cruft from previous installs/uninstalls that
> was not cleaned up. Is there anything in the directory server logs
> on
Erinn Looney-Triggs wrote:
> On 08/04/2014 04:01 AM, Martin Kosek wrote:
>> On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
>>>
>>>
>>>
>>>
Whether related or not I am getting the following in my RHEL
6.5 IPA instance /var/log/dirsrv/slapd-PKI-CA/debug log:
>>>
[26/Jul/2014:20:23:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2014 04:01 AM, Martin Kosek wrote:
> On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
>>
>>
>>
>>
>>> Whether related or not I am getting the following in my RHEL
>>> 6.5 IPA instance /var/log/dirsrv/slapd-PKI-CA/debug log:
>>
>>> [26
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 08/04/2014 06:36 AM, Ade Lee wrote:
>>
>> Well here is probably the pertinent part of the debug log,
>> though there is a lot more when the clone is setting up:
>> [31/Jul/2014:13:23:53][TP-Processor3]: AuthMgrName:
>> certUserDBAuthMgr [31/Jul/
On Thu, 2014-07-31 at 06:27 -0700, Erinn Looney-Triggs wrote:
> On 07/30/2014 02:31 PM, Ade Lee wrote:
> > On Tue, 2014-07-29 at 17:49 -0700, Erinn Looney-Triggs wrote:
>
> >>
> Ok, well I tried deleting it using certutil it deletes both,
> I tried using keytool to see if it would
On 08/04/2014 04:45 AM, Erinn Looney-Triggs wrote:
>
>
>
>
>> Whether related or not I am getting the following in my RHEL 6.5
>> IPA instance /var/log/dirsrv/slapd-PKI-CA/debug log:
>
>> [26/Jul/2014:20:23:23 +] slapi_ldap_bind - Error: could not
>> send startTLS re quest: error -1 (Can't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
>
>
>
> Whether related or not I am getting the following in my RHEL 6.5
> IPA instance /var/log/dirsrv/slapd-PKI-CA/debug log:
>
> [26/Jul/2014:20:23:23 +] slapi_ldap_bind - Error: could not
> send startTLS re quest: error -1 (Can't contact
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/30/2014 02:31 PM, Ade Lee wrote:
> On Tue, 2014-07-29 at 17:49 -0700, Erinn Looney-Triggs wrote:
>>
Ok, well I tried deleting it using certutil it deletes both,
I tried using keytool to see if it would work any better, no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/30/2014 02:31 PM, Ade Lee wrote:
> On Tue, 2014-07-29 at 17:49 -0700, Erinn Looney-Triggs wrote:
>>
Ok, well I tried deleting it using certutil it deletes both,
I tried using keytool to see if it would work any better, no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/30/2014 02:31 PM, Ade Lee wrote:
> On Tue, 2014-07-29 at 17:49 -0700, Erinn Looney-Triggs wrote:
>>
Ok, well I tried deleting it using certutil it deletes both,
I tried using keytool to see if it would work any better, no
On Tue, 2014-07-29 at 17:49 -0700, Erinn Looney-Triggs wrote:
> >>
>
> >> Ok, well I tried deleting it using certutil it deletes both, I
> >> tried using keytool to see if it would work any better, no dice
> >> there. I'll try the rename, but at this point I am not holding my
> >> breath on that,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
>>
>> Ok, well I tried deleting it using certutil it deletes both, I
>> tried using keytool to see if it would work any better, no dice
>> there. I'll try the rename, but at this point I am not holding my
>> breath on that, it seems all operation a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 12:56 PM, Rob Crittenden wrote:
> Erinn Looney-Triggs wrote:
>> On 07/28/2014 12:20 PM, Ade Lee wrote:
>>> On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 11:07 AM, Ade Lee wrote:
>>
>> No excep
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 12:20 PM, Ade Lee wrote:
> On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
>> On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the journal.
When investigating the cacert.p12 file that is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 12:56 PM, Rob Crittenden wrote:
> Erinn Looney-Triggs wrote:
>> On 07/28/2014 12:20 PM, Ade Lee wrote:
>>> On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 11:07 AM, Ade Lee wrote:
>>
>> No excep
Erinn Looney-Triggs wrote:
> On 07/28/2014 12:20 PM, Ade Lee wrote:
>> On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
>>> On 07/28/2014 11:07 AM, Ade Lee wrote:
>
> No exceptions thrown in the journal.
>
> When investigating the cacert.p12 file that is bundled up
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 12:20 PM, Ade Lee wrote:
> On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
>> On 07/28/2014 11:07 AM, Ade Lee wrote:
No exceptions thrown in the journal.
When investigating the cacert.p12 file that is
On Mon, 2014-07-28 at 12:14 -0700, Erinn Looney-Triggs wrote:
> On 07/28/2014 11:07 AM, Ade Lee wrote:
> >>
> >> No exceptions thrown in the journal.
> >>
> >> When investigating the cacert.p12 file that is bundled up for
> >> the replica's I see two caSigningCert's. One is the older one,
> >> be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 11:07 AM, Ade Lee wrote:
>>
>> No exceptions thrown in the journal.
>>
>> When investigating the cacert.p12 file that is bundled up for
>> the replica's I see two caSigningCert's. One is the older one,
>> before I renewed and one is t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 11:07 AM, Ade Lee wrote:
> On Mon, 2014-07-28 at 08:26 -0700, Erinn Looney-Triggs wrote:
>> On 07/28/2014 08:04 AM, Ade Lee wrote:
>>> On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 07:17 AM, Rob Critte
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 11:07 AM, Ade Lee wrote:
> On Mon, 2014-07-28 at 08:26 -0700, Erinn Looney-Triggs wrote:
>> On 07/28/2014 08:04 AM, Ade Lee wrote:
>>> On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
On 07/28/2014 07:17 AM, Rob Critte
On Mon, 2014-07-28 at 08:26 -0700, Erinn Looney-Triggs wrote:
> On 07/28/2014 08:04 AM, Ade Lee wrote:
> > On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
> >> On 07/28/2014 07:17 AM, Rob Crittenden wrote:
> >>> Rob Crittenden wrote:
> Erinn Looney-Triggs wrote:
> > On 07/27/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 08:04 AM, Ade Lee wrote:
> On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
>> On 07/28/2014 07:17 AM, Rob Crittenden wrote:
>>> Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
> On 07/27/2014 12:02 AM, Erinn Loon
On Mon, 2014-07-28 at 07:41 -0700, Erinn Looney-Triggs wrote:
> On 07/28/2014 07:17 AM, Rob Crittenden wrote:
> > Rob Crittenden wrote:
> >> Erinn Looney-Triggs wrote:
> >>> On 07/27/2014 12:02 AM, Erinn Looney-Triggs wrote:
> On 07/26/2014 07:12 PM, Erinn Looney-Triggs wrote:
> > On 07/26
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/28/2014 07:17 AM, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> Erinn Looney-Triggs wrote:
>>> On 07/27/2014 12:02 AM, Erinn Looney-Triggs wrote:
On 07/26/2014 07:12 PM, Erinn Looney-Triggs wrote:
> On 07/26/2014 05:25 PM, Erinn Loo
Rob Crittenden wrote:
> Erinn Looney-Triggs wrote:
>> On 07/27/2014 12:02 AM, Erinn Looney-Triggs wrote:
>>> On 07/26/2014 07:12 PM, Erinn Looney-Triggs wrote:
On 07/26/2014 05:25 PM, Erinn Looney-Triggs wrote:
> Well it hasn't been all the pretty trying to move from RHEL
> 6.5 to RHEL
Erinn Looney-Triggs wrote:
> On 07/27/2014 12:02 AM, Erinn Looney-Triggs wrote:
>> On 07/26/2014 07:12 PM, Erinn Looney-Triggs wrote:
>>> On 07/26/2014 05:25 PM, Erinn Looney-Triggs wrote:
Well it hasn't been all the pretty trying to move from RHEL
6.5 to RHEL 7.
>
I have two server
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/27/2014 12:02 AM, Erinn Looney-Triggs wrote:
> On 07/26/2014 07:12 PM, Erinn Looney-Triggs wrote:
>> On 07/26/2014 05:25 PM, Erinn Looney-Triggs wrote:
>>> Well it hasn't been all the pretty trying to move from RHEL
>>> 6.5 to RHEL 7.
>
>>> I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/26/2014 07:12 PM, Erinn Looney-Triggs wrote:
> On 07/26/2014 05:25 PM, Erinn Looney-Triggs wrote:
>> Well it hasn't been all the pretty trying to move from RHEL 6.5
>> to RHEL 7.
>
>> I have two servers providing my ipa instances ipa and ipa2.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/26/2014 05:25 PM, Erinn Looney-Triggs wrote:
> Well it hasn't been all the pretty trying to move from RHEL 6.5 to
> RHEL 7.
>
> I have two servers providing my ipa instances ipa and ipa2. Given
> that I don't have a great deal of spare capaci
41 matches
Mail list logo