On 11/12/20 3:13 PM, Thomas Boroske via FreeIPA-users wrote:
Hi Flo,
I am seeing the same (with SE Linux since we use that too):
ll -Z /var/lib/ipa-client/pki/kdc-ca-bundle.pem
-rw-r--r--. root root unconfined_u:object_r:realmd_var_lib_t:s0
/var/lib/ipa-client/pki/kdc-ca-bundle.pem
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Hi,
a customer recently had the same issue with a CAless deployment, which
happened after the KDC cert was renewed but the renewed cert didn't
contain SubjectAltName extension.
Could you provide the full output of
$ openssl x509 -in /var/kerberos/krb5kdc/kdc.crt -noout -text
(it should contain a line with X509v3 Subject Alternative Name:).
The customer solved the issue by requesting a new cert:
$ getcert list -f /var/kerberos/krb5kdc/kdc.crt
(note the request Id)
$ getcert resubmit -i <request id>
$ getcert list -i <request id>
flo
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
