#6488 ipa-replica-install in CA-less environment does not configure DS TLS
Closed: Duplicate None Opened 7 years ago by ftweedal.

Installing a CA-less IPA server, then installing a replica from the
first master, results in DS on the replica not being configured for
TLS/STARTSSL.

Install master:

ipa-server-install \
  --ca-cert-file ca1.pem \
  --http-cert-file ca1/server.p12 --http-pin 4me2Test \
  --dirsrv-cert-file ca1/server.p12 --dirsrv-pin 4me2Test \
  --ds-password 4me2Test --admin-password 4me2Test \
  --realm IPA.LOCAL --domain ipa.local --unattended

Install replica:

ipa-replica-install \
  --http-cert-file ca1/replica.p12 --http-pin 4me2Test \
  --dirsrv-cert-file ca1/replica.p12 --dirsrv-pin 4me2Test \
  --admin-password 4me2Test --unattended

Observe lack of SSL-ness:

[f24b-1:~] root# nc -v localhost 636
Ncat: Version 7.12 ( https://nmap.org/ncat )
Ncat: Connection to ::1 failed: Connection refused.
Ncat: Trying next address...
Ncat: Connection refused.

[f24b-1:/etc/dirsrv/slapd-IPA-LOCAL] root# certutil -d . -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

ca1                                                          C,,

Wow... the similarity in issue title is amazing! I did not see #6226 :O

Metadata Update from @ftweedal:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

7 years ago
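
The certutil listing in the report shows only the CA certificate (trust C,,) in the DS NSS database. As an added example (not part of the original ticket or of FreeIPA), the check below parses "certutil -L" output and reports whether any certificate carries the "u" trust flag, which certutil prints only when the matching private key is in the database. The function names and the second sample listing, including the nickname "replica server cert", are assumptions made for illustration.

```shell
# Added example: read `certutil -L` output on stdin and print the nickname of
# every certificate whose SSL trust field carries the "u" flag (private key
# present), i.e. a certificate the directory server could actually serve.
nss_keyed_certs() {
    awk '
        # Data rows end in three comma-separated flag fields: "C,," or "u,u,u".
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            split($NF, trust, ",")
            if (trust[1] ~ /u/) {
                nick = $0
                sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the trust column
                sub(/^[ \t]+/, "", nick)                # drop leading padding
                print nick
            }
        }'
}

# Exit 0 if at least one certificate with a private key is listed, 1 otherwise.
ds_has_server_cert() {
    [ -n "$(nss_keyed_certs)" ]
}

# Constructed sample 1: the listing from this report (CA certificate only).
SAMPLE_BROKEN='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

ca1                                                          C,,
'

# Constructed sample 2: hypothetical listing with a server certificate present.
SAMPLE_OK='Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

ca1                                                          C,,
replica server cert                                          u,u,u
'

report() {
    if printf '%s\n' "$1" | ds_has_server_cert; then
        echo "server certificate present: $(printf '%s\n' "$1" | nss_keyed_certs)"
    else
        echo "no certificate with a private key: DS has nothing to serve TLS with"
    fi
}

report "$SAMPLE_BROKEN"
report "$SAMPLE_OK"
```

On a live replica the same functions can be fed from the command shown in the report, for example by piping the output of certutil -d . -L into ds_has_server_cert.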
