[Freeipa-users] Re: Replica install Error ?

Günther J. Niederwimmer via FreeIPA-users wrote: > Am Freitag, 3. Januar 2020, 16:27:38 CET schrieb Rob Crittenden via > FreeIPA-

> >> Günther J. Niederwimmer via FreeIPA-users wrote: >> >> >> >>> Hallo, >>> >>> >>> >>> Am Donnerstag, 2. Januar 2020, 21:37:31 CET schrieb Rob Crittenden via >>> FreeIPA-users: >>> >>> >>> >>>> Günther J. Niederwimmer via FreeIPA-users wrote: >>>> >>>> >>>> >>>> >>>> >>>>> Am Donnerstag, 2. Januar 2020, 19:46:47 CET schrieb Rob Crittenden via >>>>> >>>>> FreeIPA-users: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> Günther J. Niederwimmer via FreeIPA-users wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> this is a new installed Server CentOS 7.7 >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> but it is not possible to configure this for IPA replica >>>>>>> I have this Error >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> ipapython.admintool: ERROR [0:0:6]+[128:32:0] not in asn1Spec: >>>>>>> GeneralName(componentType=NamedTypes(NamedType('rfc822Name', >>>>>>> IA5String(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0, >>>>>>> tagId=1)))), >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> NamedType('dNSName', IA5String(tagSet=TagSet((), Tag(tagClass=128, >>>>>>> tagFormat=0, tagId=2)))), NamedType('directoryName', >>>>>>> Name(componentType=NamedTypes(NamedType('', RDNSequence())), >>>>>>> tagSet=TagSet((), >>>>> >>>>> >>>>> >>>>> Tag(tagClass=128, tagFormat=0, tagId=4)))), >>>>> >>>>> >>>>> >>>>>>> NamedType('uniformResourceIdentifier', IA5String(tagSet=TagSet((), >>>>>>> Tag(tagClass=128, tagFormat=0, tagId=6)))), NamedType('iPAddress', >>>>>>> OctetString(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0, >>>>>>> tagId=7)))), >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> NamedType('registeredID', ObjectIdentifier('<no value>')))) >>>>>>> ipapython.admintool: ERROR The ipa-replica-install command >>>>>>> failed. >>>>>>> See >>>>>>> / >>>>> >>>>> >>>>> >>>>> var/log/ipareplica-install.log for more information >>>>> >>>>> >>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> I install before ipa-client-install, this is working but afterward >>>>>>> for >>>>>>> the >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> replica i Have this Problem? >>>>> >>>>> >>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> firewall Ports are open. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> More context from the log would help. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> I send it to you Rob >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> And can you confirm what version of python-pyasn1 is installed, and >>>>>> that >>>>>> you don't have a pip-version installed. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> this version is installed >>>>> Paket python2-pyasn1-0.1.9-7.el7.noarch >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> normal installation >>>> >>>> >>>> >>>> >>>> >>>> >>>> It is blowing up trying to fetch the subject-alt names out of the >>>> Apache >>>> cert on the original master (ipa.xxx.xxx). You didn't happen to >>>> replace >>>> the Apache cert on ipa.xxx.xxx did you? >>> >>> >>> >>> >>> NO, this is a "normal" Installation without changing anything ? >>> >>> >>> >>> I make no experiments with certificates? >>> >>> >>> >>> the only thing I remember >>> I have set in host >>> >>> >>> >>> xxx.xxx.xxx.xxx ipa.example.com >>> 2000:yy:yy:yy:yy ipa.example.com >>> xxx.xxx.xxx.xxx ipa.example.com.lan >>> >>> >>> >>> >>> >>> >>> >>>> Can you provide the PEM for that cert? >>>> >>>> >>>> >>> >>> >>> >>>> On ipa.xxx.xxx: >>>> # certutil -L -d /etc/httpd/alias -n Server-Cert -a >>> >>> >>> >>> >>> I have a normal certificate >>> -----BEGIN CERTIFICATE----- >>> ................................ >>> ................ >>> ......... >>> -----END CERTIFICATE----- >>> >>> >>> >> >> >> >> >> It could be useful for us to see the contents of the cert to see if we >> can duplicate the failure. > > > OK is on the way ;) > Can you provide the output of: python -c 'from urllib3.contrib import pyopenssl'