I installed ipa server with the --no-pkinit option.
I'm not trying to run ipa-replica-prepare for my slave.
It runs openssl, and it cannot find cacert.pm. This is related to the --no-pkinit flag right?
Any work arounds? Or is this in the process of being fixed?
I'm getting this error:
[root@qe-blade-05 shm]# ipa-replica-prepare --ip-address=10.16.76.43 qe-blade-12.idm.lab.bos.redhat.com Directory Manager (existing master) password:
Preparing replica for qe-blade-12.idm.lab.bos.redhat.com from qe-blade-05.testrelm Creating SSL certificate for the Directory Server Creating SSL certificate for the Web Server Exporting RA certificate Creating SSL certificate for the KDC preparation of replica failed: Command '/usr/bin/openssl pkcs12 -in /etc/httpd/alias/cacert.p12 -passin file:/etc/httpd/alias/pwdfile.txt -passout file:/var/lib/ipa/ipa-gGUmOqpwdfile.txt -out cacert.pem' returned non-zero exit status 1 Command '/usr/bin/openssl pkcs12 -in /etc/httpd/alias/cacert.p12 -passin file:/etc/httpd/alias/pwdfile.txt -passout file:/var/lib/ipa/ipa-gGUmOqpwdfile.txt -out cacert.pem' returned non-zero exit status 1 File "/usr/sbin/ipa-replica-prepare", line 411, in <module> main()
File "/usr/sbin/ipa-replica-prepare", line 374, in main is_kdc=True)
File "/usr/sbin/ipa-replica-prepare", line 140, in export_certdb raise e
Fixed in: e1d6f9c
Metadata Update from @rcritten: - Issue assigned to simo - Issue set to the milestone: FreeIPA 2.0 - 2010/11
Login to comment on this ticket.