Description of problem:
During the second attempt of an IPA external-ca install after a first successful attempt, the following error message is shown, which is misleading.
ipa.ipapython.install.cli.install_tool(Server): ERROR Failed to load /root/ipa-ca/ipa.crt
Honza helped me to figure out the cause for this.
Here, uninstallation of IPA external-ca was not removing the certs from /etc/httpd/alias which is already reported in https://fedorahosted.org/freeipa/ticket/4639.
But instead of the error message "Failed to load /root/ipa-ca/ipa.crt", we expect an error message like
"(SEC_ERROR_REUSED_ISSUER_AND_SERIAL) You are attempting to import a cert with the same issuer/serial as an existing cert"
Also, the warning message is not logged in ipaserver-install.log.
Version-Release number of selected component (if applicable):
[root@auto-hv-01-guest02 ~]# rpm -q ipa-server
Steps to Reproduce:
1. Install IPA with external-ca
2. Uninstall IPA
3. Install IPA with external-ca again
Installation of IPA fails in second attempt
Installation of IPA should be successful in second attempt also
1. After removing the certs from /etc/httpd/alias, I was able to install IPA successfully.
*** Bug 1340096 has been marked as a duplicate of this bug. ***
I have encountered the same error message in RHEL 7.3. Any plan for fixing this?
Created attachment 1285980
Verified on ipa-server-4.5.0-15.el7.x86_64 too.
Installation logs are attached.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.