Richard Megginson wrote:
Susan wrote:
> --- Richard Megginson <rmeggins(a)redhat.com> wrote:
> susan:
>
>
>>> "CT,," -a -i cnjldap01.cert.asc certutil: could not obtain
>>> certificate from file: You are attempting to import a cert with the
>>> same issuer/serial as an existing cert, but that is not the same cert.
>>>
>>> What do you think? Both the supplier's and the consumer's CA certs
>>> were created with identical password/noise files. Is that a problem?
>>>
>>>
>>>
>>
>> It seems that you already have the CA cert in the consumer cert db.
>>
>
>
>
> Well, I recreated the cert DB on the supplier and the consumer, using
> different passwords and noise files, and it worked fine after that. I
> guess identical passwords/noise produce identical certs and that's not
> allowed.
>
No, that should be ok - are you sure you gave each cert a unique serial
number?
Really all you need to do is generate a single CA certificate and use
that to sign both the supplier and consumer certificates. Each server
doesn't need its own CA.
rob
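
The single-CA layout suggested in the reply above, as an added example that is not part of the original thread: one CA database signs a request from each server with its own serial number, and each server imports the same CA certificate with the `"CT,,"` trust flags. The directory layout, nicknames, subjects, serial numbers and password are constructed for illustration.

```shell
#!/bin/sh
# Added example: one CA signs both the supplier and the consumer certificate.
# Nicknames, subjects, serials and the password below are constructed values.
CA_NICK="CA certificate"

new_db() {  # new_db <dir> <pwfile>: create an empty NSS certificate database
    mkdir -p "$1" && certutil -N -d "$1" -f "$2"
}

issue_server_cert() {  # issue_server_cert <workdir> <name> <unique serial>
    w=$1; name=$2; serial=$3; db="$w/$name"
    new_db "$db" "$w/pw" || return 1
    # The key pair and the request are generated in the server's own database.
    certutil -R -s "cn=$name.example.com" -d "$db" \
        -z "$w/noise" -f "$w/pw" -o "$w/$name.req" || return 1
    # The CA signs the request. -m must be different for every certificate
    # this CA issues, because NSS tells certs apart by issuer plus serial.
    certutil -C -c "$CA_NICK" -i "$w/$name.req" -o "$w/$name.crt" \
        -m "$serial" -v 12 -d "$w/ca" -f "$w/pw" || return 1
    # Import the shared CA cert as trusted, then the signed server cert.
    certutil -A -n "$CA_NICK" -t "CT,," -d "$db" -f "$w/pw" -i "$w/ca.der" || return 1
    certutil -A -n "Server-Cert" -t "u,u,u" -d "$db" -f "$w/pw" -i "$w/$name.crt"
}

build_pki() {  # build_pki <workdir>: CA plus supplier and consumer databases
    w=$1
    mkdir -p "$w" || return 1
    printf '%s\n' 'Constructed-Demo-Pw1' > "$w/pw"
    head -c 64 /dev/urandom > "$w/noise"
    new_db "$w/ca" "$w/pw" || return 1
    # Self-signed CA, created once; its private key never leaves $w/ca.
    certutil -S -x -n "$CA_NICK" -s "cn=Demo CA" -t "CT,," -m 1000 -v 120 \
        -d "$w/ca" -z "$w/noise" -f "$w/pw" || return 1
    certutil -L -n "$CA_NICK" -d "$w/ca" -r > "$w/ca.der" || return 1
    issue_server_cert "$w" supplier 1001 && issue_server_cert "$w" consumer 1002
}

cert_serial() {  # cert_serial <db dir> <nickname>: print the decimal serial
    certutil -L -d "$1" -n "$2" | awk '/Serial Number:/ {print $3; exit}'
}

# Usage: build_pki /tmp/demo-pki && cert_serial /tmp/demo-pki/consumer Server-Cert
```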