Polavarapu Manideep Sai wrote:
Hi Rob,
Certificates are valid in this case
In Replica Server we have upgraded the packages
Upgraded version VERSION: 4.6.8, API_VERSION: 2.237
Master Server Version: VERSION: 4.5.0, API_VERSION: 2.228
Note: Any new changes at Replica server not replicating/syncing/populating to master
server
Master ------> Replica [ Syncing or re-initialization happening ]
Master <------ Replica [ Not Syncing/Replicating]
You're getting an error about failed certificate verification. Something
is going wrong. Did you change a cert configuration? Add 3rd party
certificates?
Does ipa cert-show 1 succeed?
Replication may be failing for the same reason, untrusted certificates.
rob
-----Original Message-----
From: Rob Crittenden <rcritten(a)redhat.com>
Sent: 29 September 2022 23:18
To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Polavarapu Manideep Sai <manideep.sai(a)onmobile.com>
Subject: Re: [Freeipa-users] Help ipa-server-upgrade command failed, exception:
NetworkError: cannot connect to
https://hostname.ipa.example.com:8443/ca/rest/account/login [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
CAUTION. This email originated from outside the organization. Please exercise caution
before clicking on links or attachments in case of suspicion or unknown senders.
Polavarapu Manideep Sai via FreeIPA-users wrote:
> Hi Team,
>
>
>
> Facing below error while upgrading the IPA server using
> ipa-server-upgrade command
>
>
>
> Please let us know the fix if any , let us know if any more details
> required on the same
>
>
>
> ipa-server-upgrade command failed, exception: NetworkError: cannot
> connect to
> 'https://hostname.ipa.example.com:8443/ca/rest/account/login': [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)
Some of your certificates are expired. getcert list will show you which.
The possible solutions depend on your version of IPA.
rob
________________________________
DISCLAIMER: The information in this message is confidential and may be legally
privileged. It is intended solely for the addressee. Access to this message by anyone else
is unauthorized. If you are not the intended recipient, any disclosure, copying, or
distribution of the message, or any action or omission taken by you in reliance on it, is
prohibited and may be unlawful. Please immediately contact the sender if you have received
this message in error. Further, this e-mail may contain viruses and all reasonable
precaution to minimize the risk arising there from is taken by OnMobile. OnMobile is not
liable for any damage sustained by you as a result of any virus in this e-mail. All
applicable virus checks should be carried out by you before opening this e-mail or any
attachment thereto.
Thank you - OnMobile Global Limited.