Point No.2 Is now sorted. It was the old missing Subject Alternative Name
extension in certificate problem (which I had only seen with https until
now!).
I would still love to know if I need to live in fear of the other errors
though :)

On 4 January 2018 at 12:25, David Harvey <davidchar...@googlemail.com>
wrote:

> Dear list,
>
> In trying to escape from the various issues facing the ubuntu freeipa, I
> attempted to make the switch to Fedora 26 (same freeipa version 4.4.4).
>
> This seemed to go well (adding new replica first, and then replacing the
> ubuntu based installs), but I notice on my fedora boxes several warnings in
> /v/l/messages (pasted below).  Firstly, are these harmful, and what might I
> need to rectify!? I have a half baked theory that this might relate to some
> of the aspects that were broken in ubuntu and carrying their breakage
> across to the new platform!
>
> Secondly - could they relate to an issue I am seeing where one specific
> LDAPS client application is failing to verify the ldap server cert (even
> thought other clients are quite happy talking to it) since the ipa server
> reinstall?
>
> Advice appreciated, thank you in advance!
>
> David
>
>
>
>
> Jan  4 11:53:09 ipa3 server[1357]: WARNING: Problem with JAR file
> [/usr/share/pki/server/common/lib/symkey.jar], exists: [false], canRead:
> [false]
> Jan  4 11:53:09 ipa3 ntpd[1200]: Soliciting pool server 45.79.111.114
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'enableOCSP' to 'false' did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'ocspResponderURL' to 'http://ipa3.thomac.net:9080/
> ca/ocsp' did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'ocspResponderCertNickname' to 'ocspSigningCert
> cert-pki-ca' did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'ocspCacheSize' to '1000' did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'ocspMinCacheEntryDuration' to '60' did not find a
> matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'ocspMaxCacheEntryDuration' to '120' did not find a
> matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'ocspTimeout' to '10' did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'strictCiphers' to 'true' did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'sslOptions' to 'ssl2=false,ssl3=false,tls=true' did not
> find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'ssl2Ciphers' to '-SSL2_RC4_128_WITH_MD5,-SSL2_
> RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-
> SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_
> WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5' did not find a matching
> property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'ssl3Ciphers' to '-SSL3_FORTEZZA_DMS_WITH_NULL_
> SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_
> RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_
> WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_
> RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_
> FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_
> RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_
> AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' did not find a
> matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'tlsCiphers' to '-TLS_ECDH_ECDSA_WITH_AES_128_
> CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_
> RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_
> SHA,+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_
> WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_
> SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_
> CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_
> 3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_
> AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_
> DHE_DSS_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_DSS_WITH_AES_128_CBC_
> SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA,+TLS_DHE_RSA_WITH_
> 3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA,+TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
> did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'sslVersionRangeStream' to 'tls1_0:tls1_2' did not find a
> matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'sslVersionRangeDatagram' to 'tls1_1:tls1_2' did not find
> a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'sslRangeCiphers' to '-TLS_ECDH_ECDSA_WITH_AES_128_
> CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_
> RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_
> SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_
> WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_
> SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_
> ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_
> CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_
> RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> -TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_
> CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_RSA_
> WITH_AES_128_CBC_SHA,-TLS_DHE_RSA_WITH_AES_256_CBC_SHA,-TLS_
> DHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_
> 256_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_
> DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_
> AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_
> WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_AES_128_CBC_SHA256,-
> TLS_RSA_WITH_AES_256_CBC_SHA256,-TLS_RSA_WITH_AES_128_
> GCM_SHA256,+TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_
> 128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA' did not find a matching
> property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'serverCertNickFile' to 
> '/var/lib/pki/pki-tomcat/conf/serverCertNick.conf'
> did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'passwordFile' to 
> '/var/lib/pki/pki-tomcat/conf/password.conf'
> did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'passwordClass' to 
> 'org.apache.tomcat.util.net.jss.PlainPasswordFile'
> did not find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetAllPropertiesRule]{Server/Service/Connector}
> Setting property 'certdbDir' to '/var/lib/pki/pki-tomcat/alias' did not
> find a matching property.
> Jan  4 11:53:10 ipa3 server[1357]: WARNING: 
> [SetPropertiesRule]{Server/Service/Engine/Host/Valve}
> Setting property 'resolveHosts' to 'false' did not find a matching property.
>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to