As user , I want to have a freeipa server and a client replica promoted to a server. Server installation is seamless, during the client installation haveing the below issue.
[description of the issue] During ipa_client_install i'm getting the error below.
ipa : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' ipa : DEBUG Configuring client side components ipa : DEBUG Starting external process ipa : DEBUG args=/usr/sbin/ipa-client-install --unattended --no-ntp --domain example.test --server freeipa-0.example.test --realm EXAMPLE.TEST --hostname freeipa-1.example.test --principal admin --ssh-trust-dns Client hostname: freeipa-1.example.test Realm: EXAMPLE.TEST DNS Domain: example.test IPA Server: freeipa-0.example.test BaseDN: dc=example,dc=test Skipping synchronizing time with NTP server. Successfully retrieved CA cert Subject: CN=Certificate Authority,O=EXAMPLE.TEST Issuer: CN=Certificate Authority,O=EXAMPLE.TEST Valid From: Thu Oct 18 06:58:20 2018 UTC Valid Until: Mon Oct 18 06:58:20 2038 UTC
Joining realm failed: libcurl failed to execute the HTTP POST transaction, explaining: Issuer certificate is invalid.
Installation failed. Rolling back changes. Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Unconfiguring the NIS domain. nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration
It is happening only in this environment.
client installation fails.
client intallation followed by replica install need to be successful
Dockerised fedora-25 base image which has freeipa 4.4.4 version. Not using external CA.
The same docker image is successfully installed in local environment, seeing the issue for the first time.
The server certificate is invalid: libcurl failed to execute the HTTP POST transaction, explaining: Issuer certificate is invalid.. You can get more information about the failing certificate with either curl -v https://freeipa-0.example.test -o /dev/null or openssl s_client -connect freeipa-0.example.test:443.
libcurl failed to execute the HTTP POST transaction, explaining: Issuer certificate is invalid.
curl -v https://freeipa-0.example.test -o /dev/null
openssl s_client -connect freeipa-0.example.test:443
By the way, Fedora 25 and FreeIPA 4.4 are really old and no longer supported. Please upgrade to at least Fedora 27.
Metadata Update from @cheimes: - Issue assigned to cheimes
Metadata Update from @cheimes: - Issue set to the milestone: FreeIPA 4.4.4
Neither Fedora 25 nor FreeIPA 4.4 are supported any more. Please update to Fedora 27 or newer.
Metadata Update from @cheimes: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.