New replica installations fail after replacement of the IPA CA certificate

Solution Verified - Updated -

Issue

  • After the IPA CA certificate has been replaced, new replica installations fail. Creating a replica information file with the ipa-replica-prepare command appears to succeed, but the replica installation fails with the following error:

You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.', 'desc': "Can't contact LDAP server"

In addition, the Directory Server access log shows the following error during replica installation:

[17/May/2013:08:06:08 +0800] conn=5568 fd=271 slot=271 connection from 1.2.3.4 to 5.6.7.8
[17/May/2013:08:06:08 +0800] conn=5568 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[17/May/2013:08:06:08 +0800] conn=5568 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[17/May/2013:08:06:08 +0800] conn=5568 op=-1 fd=271 closed - SSL peer cannot verify your certificate.
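
As an added example (not part of this article), the following stdlib Python script runs over constructed 389-ds access log lines modelled on the excerpt above and reports connections that negotiated startTLS and were then closed with the "SSL peer cannot verify your certificate" reason, grouped by source address, so an administrator can see which would-be replicas the directory server is rejecting. The sample log text and the function names are assumptions for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of 389-ds access log lines, modelled on the excerpt above (not from
# a real server): conn=5568 is the rejected peer, conn=5569 a healthy startTLS session.
SAMPLE_LOG = """\
[17/May/2013:08:06:08 +0800] conn=5568 fd=271 slot=271 connection from 1.2.3.4 to 5.6.7.8
[17/May/2013:08:06:08 +0800] conn=5568 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[17/May/2013:08:06:08 +0800] conn=5568 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[17/May/2013:08:06:08 +0800] conn=5568 op=-1 fd=271 closed - SSL peer cannot verify your certificate.
[17/May/2013:08:06:09 +0800] conn=5569 fd=272 slot=272 connection from 10.0.0.7 to 5.6.7.8
[17/May/2013:08:06:09 +0800] conn=5569 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[17/May/2013:08:06:09 +0800] conn=5569 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[17/May/2013:08:06:09 +0800] conn=5569 op=1 BIND dn="cn=Directory Manager" method=128 version=3
[17/May/2013:08:06:09 +0800] conn=5569 op=1 RESULT err=0 tag=97 nentries=0 etime=0
[17/May/2013:08:06:10 +0800] conn=5569 op=2 fd=272 closed - U1
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
FROM_RE = re.compile(r"connection from (?P<src>\S+) to \S+")
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"
CLOSE_REASON = "SSL peer cannot verify your certificate"


def find_rejected_tls_peers(log_text):
    """Connections that negotiated startTLS and were then closed as unverifiable."""
    state = defaultdict(dict)   # conn id -> what has been seen on that connection
    rejected = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                       # not a conn= access-log line
        conn, rest = m["conn"], m["rest"]
        opened = FROM_RE.search(rest)
        if opened:
            state[conn]["src"] = opened["src"]
        elif f'oid="{STARTTLS_OID}"' in rest:
            state[conn]["starttls"] = True
        elif "closed" in rest:
            if CLOSE_REASON in rest and state[conn].get("starttls"):
                rejected.append({"conn": conn, "time": m["ts"],
                                 "src": state[conn].get("src", "?")})
            state.pop(conn, None)          # conn ids are reused; forget this one
    return rejected


def rejections_by_source(log_text):
    """Count rejected startTLS peers per source address."""
    return Counter(r["src"] for r in find_rejected_tls_peers(log_text))
```

On a live server, feed it the contents of the Directory Server access log in place of SAMPLE_LOG; a healthy replica installation should produce no rejected entries.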

Environment

  • Red Hat Enterprise Linux 6
  • IPA
