Evg Hertz via FreeIPA-users wrote: > how recreate CA and > directory server > http server > KDC > ?
IMHO the way forward is to figure out what is wrong with your installation. There is no replacing individual components. The RA cert appears to be ok but it apparently is being rejected during authentication. Can you run this to see whether the certificate has been revoked? 7 is the serial number of the RA cert. # pki cert-show 7 WARNING: pki cert has been deprecated. Use pki ca-cert instead. WARNING: UNTRUSTED ISSUER encountered on 'CN=ipa.example.test,O=EXAMPLE.TEST' indicates a non-trusted CA cert 'CN=Certificate Authority,O=EXAMPLE.TEST' Trust this certificate (y/N)? y Serial Number: 0x7 Subject DN: CN=IPA RA,O=EXAMPLE.TEST Issuer DN: CN=Certificate Authority,O=EXAMPLE.TEST Status: VALID Not Valid Before: Mon Jan 04 13:59:14 UTC 2021 Not Valid After: Sun Dec 25 13:59:14 UTC 2022 The status should be VALID. If it is valid then I think we need to see some logs from 389 and pki to try to find out why the auth is rejected. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
