Get rid of Error "LDAP Connect error You are attempting to import a cert with the same issuer"

When you come across the error "LDAP Error: Connect error: TLS error -8054: You are attempting to import a cert with the same issuer" while enrolling a client to a FreeIPA/IDM server, it means that the CA certificate already cached on the client does not match the one on the IDM server, and it can be fixed quite easily with a single command. The usual scenario is that the client was previously enrolled to a different IDM server and the old certificate is still lying around in /etc/ipa/ca.crt.

Just run this one command to rename the old cert and the problem is solved:

# mv /etc/ipa/ca.crt /etc/ipa/ca.crt.old

Re-run "ipa-client-install" and you should be good to go:

# ipa-client-install --enable-dns-updates --mkhomedir
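Before moving the cached CA aside, it is worth confirming that it really is stale rather than, say, the symptom of a client being pointed at the wrong server. The script below is an added example (not from the original post): it compares the cached /etc/ipa/ca.crt against a copy of the CA certificate published by the target server (FreeIPA servers publish it at https://<server>/ipa/config/ca.crt; fetching it is assumed to have been done beforehand) and only retires the cached file, under a timestamped backup, when the two differ.

```shell
#!/bin/sh
# Added example, not part of the original post: decide whether the cached
# FreeIPA CA certificate is stale before enrolling, instead of moving it aside blindly.

# Print a stable identifier for a certificate file: the SHA-256 of the DER encoding
# when openssl can parse it, otherwise a SHA-256 of the raw file bytes.
cert_id() {
    if command -v openssl >/dev/null 2>&1 && openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        openssl x509 -in "$1" -outform DER | sha256sum | cut -d' ' -f1
    else
        sha256sum < "$1" | cut -d' ' -f1
    fi
}

# Compare the cached client CA cert ($1) with the CA cert the target server publishes ($2).
# Exit status: 0 = nothing cached or it matches (nothing to do),
#              1 = mismatch (stale cache from another IDM server),
#              2 = the server copy is missing, so no decision can be made.
check_cached_ca() {
    cached=$1; expected=$2
    [ -f "$cached" ] || return 0      # no cached cert; ipa-client-install fetches a fresh one
    [ -f "$expected" ] || return 2
    [ "$(cert_id "$cached")" = "$(cert_id "$expected")" ] && return 0
    return 1
}

# Move a stale cert to a timestamped backup rather than deleting it, so it can still be
# inspected later. Prints the backup path.
retire_cached_ca() {
    cached=$1
    backup="$cached.old.$(date +%Y%m%d%H%M%S)"
    mv "$cached" "$backup" && printf '%s\n' "$backup"
}

# Typical use (paths are the real FreeIPA client location plus a downloaded server copy):
#   check_cached_ca /etc/ipa/ca.crt /tmp/server-ca.crt; rc=$?
#   [ "$rc" -eq 1 ] && retire_cached_ca /etc/ipa/ca.crt
```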

Output:

[root@cacti ~]# ipa-client-install --enable-dns-updates --mkhomedir
Discovery was successful!
Hostname: cacti.dev.local
Realm: DEV.LOCAL
DNS Domain: dev.local
IPA Server: idm.dev.local
BaseDN: dc=dev,dc=local

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: farooq.ahmed
Synchronizing time with KDC...

All done, and you should be good to go. For any issues, please contact us or leave your comments.
