[description of the issue] I have a freeipa server configured with a third-party certificate. When configuring replication, the following error occurs:
Done configuring kadmin.
Configuring directory server (dirsrv)
  [1/3]: configuring TLS for DS instance
  [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE: Server at https://xxx.xxxx/ipa/json failed request, will retry: 4016 (Failed to authenticate to CA REST API).)
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

Certificate issuance failed (CA_UNREACHABLE: Server at https://xxx.xxxx/ipa/json failed request, will retry: 4016 (Failed to authenticate to CA REST API).)
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
I logged into the master to check and found the following error:
ipa cert-show 1
ipa: ERROR: Failed to authenticate to CA REST API
I don't know how to fix this error. Normally, ipa cert-show 1 should show the CA certificate and ipa-replica-install should work fine.
VERSION: 4.9.8, API_VERSION: 2.245
Log file locations: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/config-files-logs.html
Troubleshooting guide: https://www.freeipa.org/page/Troubleshooting
Hi, please use the users mailing list for help requests (https://lists.fedorahosted.org/archives/list/freeipa-users%40lists.fedorahosted.org/). You will need to provide the full replica installation log (from /var/log/ipareplica-install.log) and the output of "getcert list" executed on the master (I suspect some of your certificates are expired).
Closing this issue.
Metadata Update from @frenaud: - Issue close_status updated to: invalid - Issue status updated to: Closed (was: Open)
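One way to triage the "getcert list" output requested above before posting it to the mailing list, as an added example that is not part of the ticket or of FreeIPA: it flags tracking requests that are expired, close to expiry, or not in the MONITORING state. The function names and the sample text are constructed for illustration, and the parser assumes the "expires:" field is printed as "YYYY-MM-DD HH:MM:SS UTC".

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout printed by `getcert list`; not taken from the ticket.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20220101000001':
    status: CA_UNREACHABLE
    subject: CN=IPA RA,O=EXAMPLE.TEST
    expires: 2022-03-01 10:00:00 UTC
Request ID '20220101000002':
    status: MONITORING
    subject: CN=ipa.example.test,O=EXAMPLE.TEST
    expires: 2030-01-01 10:00:00 UTC
"""

def parse_getcert_list(text):
    """Split `getcert list` output into one dict of fields per tracking request."""
    requests = []
    for line in text.splitlines():
        m = re.match(r"Request ID '([^']+)':", line)
        if m:
            requests.append({"id": m.group(1)})
        elif requests and ":" in line:
            key, _, value = line.strip().partition(":")
            requests[-1][key.strip()] = value.strip()
    return requests

def problem_requests(text, now=None, warn_days=30):
    """Return (id, subject, reasons) for every request that needs attention."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for req in parse_getcert_list(text):
        reasons = []
        if req.get("status") != "MONITORING":
            reasons.append("status " + req.get("status", "unknown"))
        if "expires" in req:
            # Assumption: expiry is printed in UTC in this exact format.
            exp = datetime.strptime(req["expires"], "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)
            days = (exp - now).days
            if days < 0:
                reasons.append("expired " + req["expires"])
            elif days < warn_days:
                reasons.append(f"expires in {days} days")
        if reasons:
            findings.append((req["id"], req.get("subject", "?"), "; ".join(reasons)))
    return findings
```

On the master, feed it the real output, for example with `problem_requests(subprocess.run(["getcert", "list"], capture_output=True, text=True).stdout)`.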