Hi Antonie, I've checked requiredSecret and secret values in the files you indicated. They are matching. My installations are fresh, I didn't upgrade from previous versions. I'm going to backup nssdb and reinitialize it, maybe it works. Regards,
Antoine Gatineau via FreeIPA-users <freeipa-users@lists.fedorahosted.org>, 17 Eki 2021 Paz, 18:07 tarihinde şunu yazdı: > On Fri, 2021-09-17 at 12:35 +0000, pp via FreeIPA-users wrote: > > Could you check if your "requiredSecret" value matches the "secret" in > "/etc/pki/pki-tomcat/server.xml"? > > I had two lines where they were different and the value has to match the > secret in "/etc/httpd/conf.d/ipa-pki-proxy.conf". Once they all matched I > restarted pki-tomcatd@pki-tomcat.service and httpd > > and both CLI and WebGUI certificate management worked again. > > According to a different thread "tomcat pre-9.0.31.0 uses > 'requiredSecret' and afterward uses 'secret'." > > I am running my FreeIPA server on CentOS 8 Stream which uses tomcat > 9.0.30. My uninformed guess is the last FreeIPA update from 4.9.3 to 4.9.6 > configured "secret" only and not "requiredSecret" which > > "broke" the config for the tomcat version used. Hope this helps. > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > I can confirm that I ran in this issue on CentOS Stream 8 and this > solution works. > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure