On Mon, 2011-08-01 at 23:03 -0400, Adam Young wrote: > On 08/01/2011 10:26 PM, Adam Young wrote: > > On 08/01/2011 03:19 PM, Rob Crittenden wrote: > > > Ade Lee from the dogtag team looked at our installer and found > > > that we restarted the pki-cad process too many times. Re-arranging > > > some code allows us to restart it just once. The new config time > > > for dogtag is 3 1/2 minutes, down from about 5 1/2. > > > > > > Ade is working on improvements in pki-silent as well which can > > > bring the overall install time to 90 seconds. If we can get a > > > change in SELinux policy we're looking at 60 seconds. > > > > > > This patch just contains the reworked installer part. Once an > > > updated dogtag is released we can update the spec file to pull it > > > in. > > > > > > rob > > > > > > _______________________________________________ > > > Freeipa-devel mailing list > > > Freeipa-devel@redhat.com > > > https://www.redhat.com/mailman/listinfo/freeipa-devel > > > > Disregard: same thing seems to be happening without this patch. > > > > > Something is wrong. When I installed this patch, the browser works > > fine in a clean mode (never before initiailzied). Howevr, if the > > browser already has a certificate from the server, in the past I was > > able to go into Edit->preferences->advanced->Certificates, and > > remove both the server and the CA certificate, and then restart the > > browser. That does not work now. I just get the message > > > > Secure Connection Failed > > An error occurred during a connection to > > server15.ayoung.boston.devel.redhat.com. > > > > You have received an invalid certificate. Please contact the server > > administrator or email correspondent and give them the following > > information: > > > > Your certificate contains the same serial number as another > > certificate issued by the certificate authority. Please get a new > > certificate containing a unique serial number. > > > > (Error code: sec_error_reused_issuer_and_serial) > > > > The page you are trying to view can not be shown because the > > authenticity of the received data could not be verified. > > Please contact the web site owners to inform them of this problem. > > Alternatively, use the command found in the help menu to report this > > broken site. > > > > > > Restarting IPA made no difference. The browser does not provide a > > lot of info in which to debug this. > > > > > > I'll try again with out the patch and see if there is a difference. > >
In Firefox 5 I also have to clear browser cache along with removing certificates to get rid of 'sec_error_reused_issuer_and_serial'. Petr _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
