As <persona, e.g. admin> , I want <what?> so that <why?>.
I have a freeipa server configured with a third-party certificate. When configuring replication, the following error occurs:
Done configuring kadmin. Configuring directory server (dirsrv) [1/3]: configuring TLS for DS instance [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Server at https://wocfreeipa.wingon.h k/ipa/json failed request, will retry: 4016 (Failed to authenticate to CA REST API).) Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up.
Certificate issuance failed (CA_UNREACHABLE: Server at https://wocfreeipa.wingon.hk/ipa/json failed reques t, will retry: 4016 (Failed to authenticate to CA REST API).) The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
I logged into the master check and found the following error: [root@wocfreeipa ipa]# ipa cert-show 1 ipa: ERROR: Failed to authenticate to CA REST API
(what do you expect to happen) I don't know how to fix this error, normal ipa cert-show 1 should show the CA certificate, ipa-replica-install should work fine
os: rockey 8.6 ipa version: VERSION: 4.9.8, API_VERSION: 2.245
Any additional information, configuration, data or log snippets that is needed for reproduction or investigation of the issue.
Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting
Metadata Update from @junhouhe: - Issue close_status updated to: invalid - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.