Hi all,

I have a standard FreeIPA environment under RHEL 6.

One of my replica servers, let's call it "serverB", had issues and I eventually rebuilt it. I rebuilt and restored data, but something wasn't right. Replication wasn't working. I had tried to re-initialize replication but it didn't help. The last thing I did was to ....

On serverB

    ipa-server-install --uninstall
    getcert list
    # remove the cert from being tracked (as per info shown after completion of ipa-server-install --uninstall)
    getcert stop-tracking -i 20131216070540
    rm /var/lib/ipa/replica-info-serverB.mydomain.com.gpg

On server (the master)

    ipa host-del serverB.mydomain.com.gpg
    ipa-replica-manage del serverB.mydomain.com.gpg --force
    cd /var/lib/ipa
    rm replica-info-serverB.mydomain.com.gpg

This all appeared fine, and seemingly removes serverB completely. So, I then set it back up as a replica in the normal way, and this worked well. Replication is working and all looks good except for the FreeIPA Web interface.

When I try to browse to https://serverB.mydomain.com/ipa/ui/ I get "unknown Error" in a popup box. In the apache error log I see....

    [Mon Nov 10 02:08:37 2014] [error] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate

I am not sure what "Peer" references - serverB locally? My gut feel is that perhaps there were leftover remnants (possibly in ipa httpd config) from after the uninstall and the reinstall didn't overwrite them.

Can anyone shed any light on the error above?

Thanks in advance,
Les
