Günther J. Niederwimmer via FreeIPA-users wrote:
Am Freitag, 3. Januar 2020, 16:27:38 CET schrieb Rob Crittenden via
FreeIPA-
users:
> Günther J. Niederwimmer via FreeIPA-users wrote:
>
>> Hallo,
>>
>> Am Donnerstag, 2. Januar 2020, 21:37:31 CET schrieb Rob Crittenden via
>> FreeIPA-users:
>>
>>> Günther J. Niederwimmer via FreeIPA-users wrote:
>>>
>>>
>>>
>>>> Am Donnerstag, 2. Januar 2020, 19:46:47 CET schrieb Rob Crittenden via
>>>> FreeIPA-users:
>>>>
>>>>
>>>>
>>>>> Günther J. Niederwimmer via FreeIPA-users wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> this is a new installed Server CentOS 7.7
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> but it is not possible to configure this for IPA replica
>>>>>> I have this Error
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ipapython.admintool: ERROR [0:0:6]+[128:32:0] not in asn1Spec:
>>>>>>
GeneralName(componentType=NamedTypes(NamedType('rfc822Name',
>>>>>> IA5String(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
>>>>>> tagId=1)))),
>>>>>>
>>>>>>
>>>>>>
>>>>>> NamedType('dNSName', IA5String(tagSet=TagSet((),
Tag(tagClass=128,
>>>>>> tagFormat=0, tagId=2)))), NamedType('directoryName',
>>>>>> Name(componentType=NamedTypes(NamedType('',
RDNSequence())),
>>>>>> tagSet=TagSet((),
>>>>
>>>>
>>>> Tag(tagClass=128, tagFormat=0, tagId=4)))),
>>>>
>>>>
>>>>>> NamedType('uniformResourceIdentifier',
IA5String(tagSet=TagSet((),
>>>>>> Tag(tagClass=128, tagFormat=0, tagId=6)))),
NamedType('iPAddress',
>>>>>> OctetString(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
>>>>>> tagId=7)))),
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> NamedType('registeredID', ObjectIdentifier('<no
value>'))))
>>>>>> ipapython.admintool: ERROR The ipa-replica-install command
failed.
>>>>>> See
>>>>>> /
>>>>
>>>>
>>>> var/log/ipareplica-install.log for more information
>>>>
>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> I install before ipa-client-install, this is working but
afterward
>>>>>> for
>>>>>> the
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>> replica i Have this Problem?
>>>>
>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> firewall Ports are open.
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> More context from the log would help.
>>>>
>>>>
>>>>
>>>> I send it to you Rob
>>>>
>>>>
>>>>
>>>>
>>>>> And can you confirm what version of python-pyasn1 is installed, and
>>>>> that
>>>>> you don't have a pip-version installed.
>>>>
>>>>
>>>>
>>>> this version is installed
>>>> Paket python2-pyasn1-0.1.9-7.el7.noarch
>>>>
>>>>
>>>>
>>>> normal installation
>>>
>>>
>>>
>>>
>>> It is blowing up trying to fetch the subject-alt names out of the Apache
>>> cert on the original master (ipa.xxx.xxx). You didn't happen to replace
>>> the Apache cert on ipa.xxx.xxx did you?
>>
>>
>> NO, this is a "normal" Installation without changing anything ?
>>
>> I make no experiments with certificates?
>>
>> the only thing I remember
>> I have set in host
>>
>> xxx.xxx.xxx.xxx
ipa.example.com
>> 2000:yy:yy:yy:yy
ipa.example.com
>> xxx.xxx.xxx.xxx ipa.example.com.lan
>>
>>
>>
>>
>>> Can you provide the PEM for that cert?
>>>
>>
>>
>>> On ipa.xxx.xxx:
>>> # certutil -L -d /etc/httpd/alias -n Server-Cert -a
>>
>>
>> I have a normal certificate
>> -----BEGIN CERTIFICATE-----
>> ................................
>> ................
>> .........
>> -----END CERTIFICATE-----
>>
>>
>
>
> It could be useful for us to see the contents of the cert to see if we
> can duplicate the failure.
OK is on the way ;)
Can you provide the output of:
python -c 'from urllib3.contrib import pyopenssl'
rob