Richard Megginson wrote: > Susan wrote: > >> --- Richard Megginson <rmeggins at redhat.com> wrote: >> susan: >> >> >>>> "CT,," -a -i cnjldap01.cert.asc certutil: could not obtain >>>> certificate from file: You are attempting to import a cert with the >>>> same issuer/serial as an existing cert, but that is not the same cert. >>>> >>>> What do you think? Both the supplier's and the consumer's CA certs >>>> were created with identical >>>> password/noise files. Is that a problem? >>>> >>>> >>>> >>> >>> It seems that you already have the CA cert in the consumer cert db. >>> >> >> >> >> well, I recreated the cert DB on the supplier and the consumer, using >> different passwords and >> noise files and it worked fine after that. I guess identical >> passwords/noise produce identical >> certs and that's not allowed. >> > No, that should be ok - are you sure you gave each cert a unique serial > number? Really all you need to do is generate a single CA certificate and use that to sign both the supplier and consumer certificates. Each server doesn't need its own CA. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060118/5d650d88/attachment.bin
