IPA selfsign CA setup cannot create replica information file after upgrade from RHEL6.3 to RHEL6.4

Solution Verified - Updated -

Issue

# ipa-replica-prepare replica.example.com --ip-address 10.1.1.3 --no-reverse
Directory Manager (existing master) password: 

Preparing replica for ipareplica.example.com from ipaserver.example.com
Creating SSL certificate for the Directory Server
certutil: could not find certificate named "CN=EXAMPLE.COM Certificate Authority": security library: bad database.
certutil: unable to create cert (security library: bad database.)
preparation of replica failed: Command '/usr/bin/certutil -d /tmp/tmpDKBdyzipa/realm_info -A -n Server-Cert -t u,u,u -i /var/lib/ipa/ipa-PQzfmA/tmpcert.der -f /tmp/tmpDKBdyzipa/realm_info/pwdfile.txt' returned non-zero exit status 255
Command '/usr/bin/certutil -d /tmp/tmpDKBdyzipa/realm_info -A -n Server-Cert -t u,u,u -i /var/lib/ipa/ipa-PQzfmA/tmpcert.der -f /tmp/tmpDKBdyzipa/realm_info/pwdfile.txt' returned non-zero exit status 255
  File "/usr/sbin/ipa-replica-prepare", line 490, in <module>
    main()

  File "/usr/sbin/ipa-replica-prepare", line 361, in main
    export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert", replica_fqdn, subject_base)

  File "/usr/sbin/ipa-replica-prepare", line 150, in export_certdb
    raise e

Environment

  • Red Hat Enterprise Linux 6.3, upgraded to Red Hat Enterprise Linux 6.4.
  • ipa-server-3.0.0-26.el6_4.2.x86_64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content