New replica installations fail after replacement of the IPA CA certificate

Solution Verified

Issue

  • After the IPA CA certificate has been replaced, new replica installations fail. Creating a replica information file with the ipa-replica-prepare command appears to succeed, but the replica installation fails with the following error:

You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.', 'desc': "Can't contact LDAP server"

In addition, the Directory Server access log shows the following error during replica installation:

[17/May/2013:08:06:08 +0800] conn=5568 fd=271 slot=271 connection from 1.2.3.4 to 5.6.7.8
[17/May/2013:08:06:08 +0800] conn=5568 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[17/May/2013:08:06:08 +0800] conn=5568 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[17/May/2013:08:06:08 +0800] conn=5568 op=-1 fd=271 closed - SSL peer cannot verify your certificate.
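The "same issuer/serial as an existing cert, but that is not the same cert" message is NSS's SEC_ERROR_REUSED_ISSUER_AND_SERIAL: a certificate database will not hold two different certificates that share an issuer name and serial number, which is what happens when a replacement CA certificate reuses the identity of the old one. The following POSIX shell script is an added diagnostic, not part of this article or of IPA; it assumes the openssl command-line tool is installed and that the old and replacement CA certificates are available as PEM files, and it reports whether the two files are identical, collide on issuer/serial with different contents, or are simply distinct certificates.

```shell
#!/bin/sh
# Added diagnostic (not from the Red Hat article): detect the condition NSS
# rejects as "same issuer/serial as an existing cert, but not the same cert".
# Assumes the openssl CLI is available and both inputs are PEM certificates.

# Print "issuer|serial|sha256-fingerprint" for one PEM certificate file.
cert_identity() {
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    serial=$(openssl x509 -in "$1" -noout -serial | sed 's/^serial=//')
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//')
    printf '%s|%s|%s\n' "$issuer" "$serial" "$fp"
}

# Compare an existing CA certificate ($1) with a replacement ($2).
# Exit status: 0 = identical certificate
#              1 = same issuer and serial but different bytes (NSS refuses import)
#              2 = different issuer/serial (no collision)
compare_ca_certs() {
    old=$(cert_identity "$1")
    new=$(cert_identity "$2")
    old_id=${old%|*}   # strip fingerprint, keep "issuer|serial"
    new_id=${new%|*}
    if [ "$old" = "$new" ]; then
        echo "identical: $old_id"
        return 0
    fi
    if [ "$old_id" = "$new_id" ]; then
        echo "COLLISION (NSS will refuse to import the new cert): $old_id"
        return 1
    fi
    echo "distinct certificates: $old_id vs $new_id"
    return 2
}

# usage: compare_ca_certs /path/to/old-ca.pem /path/to/new-ca.pem
```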

Environment

  • Red Hat Enterprise Linux 6
  • IPA
