Günther J. Niederwimmer via FreeIPA-users wrote:
Am Donnerstag, 2. Januar 2020, 19:46:47 CET schrieb Rob Crittenden
via
FreeIPA-users:
> Günther J. Niederwimmer via FreeIPA-users wrote:
>
>> Hello,
>>
>> this is a new installed Server CentOS 7.7
>>
>> but it is not possible to configure this for IPA replica
>> I have this Error
>>
>> ipapython.admintool: ERROR [0:0:6]+[128:32:0] not in asn1Spec:
>> GeneralName(componentType=NamedTypes(NamedType('rfc822Name',
>> IA5String(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0, tagId=1)))),
>> NamedType('dNSName', IA5String(tagSet=TagSet((), Tag(tagClass=128,
>> tagFormat=0, tagId=2)))), NamedType('directoryName',
>> Name(componentType=NamedTypes(NamedType('', RDNSequence())),
>> tagSet=TagSet((),
Tag(tagClass=128, tagFormat=0, tagId=4)))),
>> NamedType('uniformResourceIdentifier', IA5String(tagSet=TagSet((),
>> Tag(tagClass=128, tagFormat=0, tagId=6)))), NamedType('iPAddress',
>> OctetString(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0, tagId=7)))),
>>
>> NamedType('registeredID', ObjectIdentifier('<no
value>'))))
>> ipapython.admintool: ERROR The ipa-replica-install command failed. See
>> /
var/log/ipareplica-install.log for more information
>>
>> I install before ipa-client-install, this is working but afterward for the
>>
replica i Have this Problem?
>>
>> firewall Ports are open.
>>
>
>
> More context from the log would help.
I send it to you Rob
> And can you confirm what version of python-pyasn1 is installed, and that
> you don't have a pip-version installed.
this version is installed
Paket python2-pyasn1-0.1.9-7.el7.noarch
normal installation
It is blowing up trying to fetch the subject-alt names out of the Apache
cert on the original master (ipa.xxx.xxx). You didn't happen to replace
the Apache cert on ipa.xxx.xxx did you?
Can you provide the PEM for that cert?
On ipa.xxx.xxx:
# certutil -L -d /etc/httpd/alias -n Server-Cert -a
rob