[Pki-users] Re: [389-users] Errors installing PKI Clone / chicken or egg question
Hello,
I am running:
[root@service-1 ~]# rpm -qa|grep pki
pki-selinux-1.1.0-1.fc10.noarch
pki-java-tools-1.1.0-1.fc10.noarch
pki-native-tools-1.1.0-1.fc10.x86_64
dogtag-pki-ca-ui-1.1.0-1.fc10.noarch
pki-setup-1.1.0-1.fc10.noarch
dogtag-pki-common-ui-1.1.0-1.fc10.noarch
pki-common-1.1.0-1.fc10.noarch
pki-util-1.1.0-1.fc10.noarch
pki-ca-1.1.0-1.fc10.noarch
Looking at the dse.ldif file, it shows that the replication server in
*not* localhost,
service-1 shows service-2 and server-2 shows service-1
I am going to retry the install using the fqdn of the local machine as
the internal database on each system.
Thanks,
Mike
On Thu, May 21, 2009 at 1:06 PM, Marc Sauton <msauton(a)redhat.com> wrote:
I would not, that was likely the first issue you encountered when
replication could not be initialized by the Dogtag web configuration wizard.
>
> An additional question:
>
> When running through the setup for dogtag, you have the option of
> using ssl for communication. What if you want to use your dogtag CA
> (which you are setting up) to provide the sign the ldap certificate?
>
The web configuration wizard creates all the necessary certificates and
keys, as well all the replication agreements.
Assuming the nsDS5ReplicaHost is not localhost, you may have hit a
regression with Bugzilla 454032, with modified status, for RHCS 8.0, which
should also be in Dogtag, what exact version are you using? (may want to
check if you have this fix)
In that case, a possible work around would be to not select SSL in the
Dogtag web configuration wizard, and then later configure SSL replication
either manually or using the Directory Server console.