Installing CA-less IPA server, then installing replica from the first master, results in DS on replica not being configured for TLS/STARTSSL.
Install master:
ipa-server-install \
    --ca-cert-file ca1.pem \
    --http-cert-file ca1/server.p12 --http-pin 4me2Test \
    --dirsrv-cert-file ca1/server.p12 --dirsrv-pin 4me2Test \
    --ds-password 4me2Test --admin-password 4me2Test \
    --realm IPA.LOCAL --domain ipa.local --unattended
Install replica:
ipa-replica-install \
    --http-cert-file ca1/replica.p12 --http-pin 4me2Test \
    --dirsrv-cert-file ca1/replica.p12 --dirsrv-pin 4me2Test \
    --admin-password 4me2Test --unattended
Observe lack of SSL-ness:
[f24b-1:~] root# nc -v localhost 636
Ncat: Version 7.12 ( https://nmap.org/ncat )
Ncat: Connection to ::1 failed: Connection refused.
Ncat: Trying next address...
Ncat: Connection refused.
[f24b-1:/etc/dirsrv/slapd-IPA-LOCAL] root# certutil -d . -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
ca1                                                          C,,
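A check for the symptom in the listing above, as an added example that is not part of the original report: it reads `certutil -L` output and reports whether any entry carries the `u` trust flag, which certutil shows for certificates whose private key is in the database. The function names, the second sample listing and its `Server-Cert` nickname are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `certutil -d <nssdb> -L` output read from stdin.
# Prints the nickname of every entry whose SSL trust field carries the
# "u" flag (private key present, so the entry can serve as a server cert).
server_cert_nicknames() {
    awk '
        # The trust string is the last field: three comma-separated flag sets.
        # Header lines do not match (no commas, or they contain "/").
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            split($NF, trust, ",")
            if (trust[1] ~ /u/) {
                nick = $0
                sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop trust column
                print nick
            }
        }'
}

# Exit status 0 when at least one usable server certificate is listed.
has_server_cert() {
    [ -n "$(server_cert_nicknames)" ]
}

# Constructed sample: the replica listing from this report (CA cert only).
REPLICA_LISTING='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

ca1                                                          C,,'

# Constructed sample: same database plus a server cert (hypothetical nickname).
FIXED_LISTING="$REPLICA_LISTING
Server-Cert                                                  u,u,u"

check_listing() {
    if printf '%s\n' "$1" | has_server_cert; then
        echo "server certificate present"
    else
        echo "no server certificate in NSS database"
    fi
}

check_listing "$REPLICA_LISTING"
check_listing "$FIXED_LISTING"
```

On a live replica the same function can be fed directly: `certutil -d /etc/dirsrv/slapd-IPA-LOCAL -L | has_server_cert`.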
This is effectively a dup of #6488; it is blocked by https://bugzilla.redhat.com/show_bug.cgi?id=1377413
Sorry, dup of #6226
Wow... the similarity in issue title is amazing! I did not see #6226 :O
Metadata Update from @ftweedal: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE