On Wed, Sep 23, 2015 at 02:54:29AM +0000, Les Stott wrote: > > > > -----Original Message----- > > From: Fraser Tweedale [mailto:[email protected]] > > Sent: Wednesday, 23 September 2015 10:59 AM > > To: Les Stott > > Cc: Winfried de Heiden; [email protected] > > Subject: Re: [Freeipa-users] sec_error_reused_issuer_and_serial > > > > On Tue, Sep 22, 2015 at 09:52:38PM +0000, Les Stott wrote: > > > The only way to get around it, because you are using the same domain > > > name, is to use different browsers to visit each site. > > > Firefox for sitea, chrome for siteb. > > > > > It is not the only way; you can flush your browser cache / offline data for > > the > > site and cause the browswer to forget about the issuer. > > Certainly with Firefox this is possible (I don't use Chromium). > > > > This never worked for me. Or if it did, it made siteb accessible, but then > sitea had the ssl error and vice versa. > Yes, you have to keep doing it; it is not a permanent fix :)
> > Or you can use separate Firefox profiles (again I am unsure if Chromium has > > this feature) for the separate installations. > > > > Or for installations / experimentation, you can specify a different > > "Organization" component of the root issuer DN when installing FreeIPA. I > > include a "timestamp" when installing test servers: > > > > ipa-server-install --subject 'O=IPA.LOCAL 201508311610' > > Never knew about that option. It would make sense if something like that was > the default I think.... > I don't think we want it as a default. A `--test' flag that injects a timestamp or some randomness into the DN might be worthwhile. Cheers, Fraser > Thanks for the info. > > Regards, > > Les > > > > > Hope that helps! > > Fraser > > > > > It's got to do with the fact that the Parent certificate name (generated > > automatically during install) is the same on both and because the domain > > matches then firefox throws the ssl warning. > > > > > > I have the same thing in my environments for production and dr where the > > domain name is the same in both. > > > > > > Regards, > > > > > > Les > > > > > > From: [email protected] > > > [mailto:[email protected]] On Behalf Of Winfried de > > > Heiden > > > Sent: Tuesday, 22 September 2015 10:27 PM > > > To: [email protected] > > > Subject: [Freeipa-users] sec_error_reused_issuer_and_serial > > > > > > Hi all, > > > > > > Playing around with freeipa on Fedora 22 after installing I cannot access > > > the > > UI. Firefox will tell "sec_error_reused_issuer_and_serial". > > > > > > I allready have an Freeipa (Fedora 21 based) and somewhere there seems > > to be a conflict in the certificates. After using a different domain name > > all > > goes well. > > > > > > I want to test and try a few things on a test Freeipa server using the > > > same > > domain name. Deleting all certicates in Firefox or even trying a new and > > clean > > profile did not help. How can I avoid this conflict? > > > > > > Winfried > > > > > > > > -- > > > Manage your subscription for the Freeipa-users mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > Go to http://freeipa.org for more info on the project > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
