Hi List,
I am running into an issue joining a new replica to our IPA environment.
It’s worth noting that we have had issues with expired certs on our master server for a while but I thought we had resolved them, and when I connect to ports 443 and 636 on the master server I get certs back expiring in 2020.
So I have run ipa-client-install and the client joins successfully.
I can ‘kinit admin’ and Kerberos auth appears to work.
When I run ipa-replica-install it hangs on step 27 restarting directory server.
When I check syslog I see that dirsrv has failed to restart, and the following message:
Jan 8 02:20:11 ds02 certmonger[8516]: 2019-01-08 02:20:11 [8516] Server at https://ds01.prod.xyz.internal/ipa/xml failed request, will retry: 907 (RPC failed at server. cannot connect to 'https://ds01.prod.xyz.internal:443/ca/eeca/ca/profileSubmitSSLClient': (SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your certificate as expired.).
Where ds02 is the new replica I am installing and ds01 is the original master.
Running FreeIPA 4.3.1.
Any suggestions on how to move past this point would be greatly appreciated.
Thanks in advance.