On 07/12/2017 08:34 PM, Fraser Tweedale wrote:

Which version(s) of FreeIPA?

Which service(s) (HTTP, LDAP?).
HTTPS. I haven't checked LDAPS yet. It appears this is only related to HTTPS. To give a bit of backstory, the primary host [ipa0] was installed and configured a couple of months before I came on board here (which was in early April). One of my first tasks was to build a replica of ipa0 (wackily named ipa1) for redundancy.

What client program(s) were used to contact the servers?  (The same
client, or different?)  Has the IPA CA cert been properly installed
for the relevant clients / client systems?
I've not even tried to connect clients yet, this is solely related to the web browser complaining about the connection to the admin panel being insecure on ipa1, but not ipa0. ipa0 has a valid not self-signed wildcard cert on it. SO, either the process I used to build the replica and get it synced was incorrect, or the process doesn't include valid non-self-signed HTTPS certs. That's where I'm at now.

Can you show us the good / bad certs?

{{There are a lot of things to check when diagnosing PKI problems!}}


Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to