You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to setup CA clone with replication ports(master and clone) on non ssl port. But this fails as Clone CA seems to try the SSL port of master.
Setup:
I have 2 hosts.
pki3.example.org [Master CA]->connected to it's LDAP instance over ssl port
pki2.example.org [Clone CA] -> Connected to it's LDAP instance over non-ssl port
I am trying to configure Clone CA (pki2.example.org) to configure replication over non-ssl ports
Below the clone's pkispawn configuration file being used:
pkispawn : INFO ....... constructing PKI configuration data.
pkispawn : INFO ....... configuring PKI configuration data.
pkispawn : ERROR ....... Exception from Java Configuration Servlet: 500 Server Error: Internal Server Error
pkispawn : ERROR ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Error in populating database: java.io.IOException: Failed to set up replication: No connection to master"}
pkispawn : DEBUG ....... Error Type: ParseError
pkispawn : DEBUG ....... Error Message: not well-formed (invalid token): line 1, column 0
pkispawn : DEBUG ....... File "/usr/sbin/pkispawn", line 597, in main
rv = instance.spawn(deployer)
File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 116, in spawn
json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3872, in configure_pki_data
root = ET.fromstring(e.response.text)
File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1300, in XML
parser.feed(text)
File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1642, in feed
self._raiseerror(v)
File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1506, in _raiseerror
Version-Release number of selected component (if applicable):
pki-ca-10.2.6-9.el7pki.noarch
How reproducible:
Steps to Reproduce:
1.Need 2 hosts
2.On host1 configure Directory Server with SSL (Example ports 30389, 30636)
3.Configure CA on host1 connecting to it LDAP over ssl
Example config:
Expected results:
pkispawn fails with below error:
pkispawn : ERROR ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Error in populating database: java.io.IOException: Failed to set up replication: No connection to master"}
Additional info:
The text was updated successfully, but these errors were encountered:
This issue was migrated from Pagure Issue #3151. Originally filed by cipherboy (@cipherboy) on 2020-03-16 09:43:18:
Description of problem:
I am trying to setup CA clone with replication ports(master and clone) on non ssl port. But this fails as Clone CA seems to try the SSL port of master.
Setup:
I have 2 hosts.
pki3.example.org [Master CA]->connected to it's LDAP instance over ssl port
pki2.example.org [Clone CA] -> Connected to it's LDAP instance over non-ssl port
I am trying to configure Clone CA (pki2.example.org) to configure replication over non-ssl ports
Below the clone's pkispawn configuration file being used:
pkispawn fails below error:
Version-Release number of selected component (if applicable):
pki-ca-10.2.6-9.el7pki.noarch
How reproducible:
Steps to Reproduce:
1.Need 2 hosts
2.On host1 configure Directory Server with SSL (Example ports 30389, 30636)
3.Configure CA on host1 connecting to it LDAP over ssl
Example config:
Actual results:
3.On host2, configure DS using ports 30389 and 30636
4.On host2 configure Clone CA to use only non-ssl port to connect to it's ldap server and also use non-ssl ports for replication with Master CA.
Expected results:
pkispawn fails with below error:
Additional info:
The text was updated successfully, but these errors were encountered: