Vinny Del Signore via FreeIPA-users wrote:
Hello all,
Has anyone seen this issue? We've tried to generate a new CA and SSL Cert.
*IPA v.3.0.0-50 *
# *rpm -qa | grep ipa-server* ipa-server-selinux-3.0.0-50.el6.1.x86_64 ipa-server-3.0.0-50.el6.1.x86_64
root ldap-srv /var/log/dirsrv/slapd-DOMAIN-COM #*ipa-replica-prepare --ip-address=10.10.xx.xx rtlvxl0055.test.local* Directory Manager (existing master) password:
Preparing replica for rtlvxl0055.test.local from ldap-srv.domain.com Creating SSL certificate for the Directory Server *preparation of replica failed: cannot connect to 'https://ldap-srv.domain..com:9444/ca/ee/ca/profileSubmitSSLClient': (PR_END_OF_FILE_ERROR) Encountered end of file.* *cannot connect to 'https://ldap-srv.domain..com:xxxx/ca/ee/ca/profileSubmitSSLClient': (PR_END_OF_FILE_ERROR) Encountered end of file.* File "/usr/sbin/ipa-replica-prepare", line 490, in <module> main()
File "/usr/sbin/ipa-replica-prepare", line 361, in main export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert", replica_fqdn, subject_base)
File "/usr/sbin/ipa-replica-prepare", line 150, in export_certdb raise e
root ldap-srv /var/log/dirsrv/slapd-DOMAIN-COM # root ldap-srv /var/log/dirsrv/slapd-DOMAIN-COM # rpm -qa | grep ipa-server ipa-server-selinux-3.0.0-50.el6.1.x86_64 ipa-server-3.0.0-50.el6.1.x86_64 root ldap-srv /var/log/dirsrv/slapd-DOMAIN-COM # uname -r 2.6.32-642.3.1.el6.x86_64 root ldap-srv /var/log/dirsrv/slapd-DOMAIN-COM # cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.6 (Santiago) root ldap-srv /var/log/dirsrv/slapd-DOMAIN-COM #
See if your CA is up, look for a running tomcat process, ensure that the certs aren't expired: getcert list | grep expires, check the debug log in /var/log/pki/<something>/debug
rob