On Wed, Jan 10, 2018 at 04:02:57PM +0100, Giulio Casella wrote:
> Il 10/01/2018 15:34, Fraser Tweedale via FreeIPA-users ha scritto:
> > Great!  I'm glad you got to the bottom of it.  Just curious - were
> > there / are there multiple authority entries in LDAP underneath
> > ou=authorities,ou=ca,o=ipaca?
> 
> No, there weren't (now, after solving initial problem, I setup a replica
> with --setup-ca, and I have 2 authorities).
> 
> > 
> > I have seen this sort of problem once before, when experimenting
> > with changing the CA Subject DN.  I wonder if the CA certificate
> > renewal that started all this off worked properly... are you using
> > an externally signed CA cert?
> 
> No, I'm using only IPA internal CA. I really don't know where everything
> started; for sure my cerificates weren't renewed, and when I found this
> issues, trying to resolve, I issued a ipa-cacert-manage renew (I promise, I
> won't do it anymore!)
> 
No worries, thanks for providing the additional info.  I am
mystified about how the wrong ipaCaId value got into your IPA
database but I am glad that everything is working for you know.

Cheers,
Fraser

> Thanks again,
> Giulio
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to