junhou he via FreeIPA-users wrote:
> Hi,
> "does it mean that they were replaced with externally-signed
> server certificates using ipa-server-certinstall?"
> yes , I replaced with externally-signed server certificates using certutil
> less /var/log/pki/pki-tomcat/ca/debug.2022-12-13.log
> 2022-12-13 08:18:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 08:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Updating serial number counter
> 2022-12-13 08:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking serial number ranges
> 2022-12-13 08:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking request ID ranges
> 2022-12-13 08:23:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating cert status
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating invalid certs to valid
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=INVALID)
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating valid certs to expired
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=VALID)
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn:
> cn=2,ou=certificateRepository,ou=ca,o=ipaca
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating revoked certs to expired
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=REVOKED)
> 2022-12-13 08:28:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 08:33:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying
> LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
> 2022-12-13 08:33:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Updating serial number counter
> 2022-12-13 08:33:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking serial number ranges
> 2022-12-13 08:33:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking request ID ranges
> 2022-12-13 08:33:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating cert status
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating invalid certs to valid
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=INVALID)
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating valid certs to expired
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=VALID)
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn:
> cn=2,ou=certificateRepository,ou=ca,o=ipaca
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating revoked certs to expired
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=REVOKED)
> 2022-12-13 08:38:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 08:43:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Updating serial number counter
> 2022-12-13 08:43:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking serial number ranges
> 2022-12-13 08:43:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking request ID ranges
> 2022-12-13 08:43:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating cert status
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating invalid certs to valid
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=INVALID)
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating valid certs to expired
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=VALID)
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn:
> cn=2,ou=certificateRepository,ou=ca,o=ipaca
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating revoked certs to expired
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=REVOKED)
> 2022-12-13 08:48:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying
> LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
> 2022-12-13 08:48:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 08:53:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Updating serial number counter
> 2022-12-13 08:53:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking serial number ranges
> 2022-12-13 08:53:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking request ID ranges
> 2022-12-13 08:53:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating cert status
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating invalid certs to valid
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=INVALID)
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating valid certs to expired
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=VALID)
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn:
> cn=2,ou=certificateRepository,ou=ca,o=ipaca
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating revoked certs to expired
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=REVOKED)
> 2022-12-13 08:58:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CRLIssuingPoint:
> Updating MasterCRL
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CASigningUnit: Getting
> algorithm context for SHA256withRSA RSASignatureWithSHA256Digest
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CASigningUnit: Signing
> Certificate
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CRLReposiotry: Updating
> CRL issuing point record
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying
> LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> Getting crl publishing rules
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: LdapXCertRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: false
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: LdapCaCertRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: false
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: FileCrlRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: true
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> type: crl
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> predicate: null
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: LdapUserCertRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: false
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: LdapCrlRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: false
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor:
> Publishing CRL 130 to MasterCRL
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> Getting crl publishing rules
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: LdapXCertRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: false
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: LdapCaCertRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: false
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: FileCrlRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: true
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> type: crl
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> predicate: null
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: LdapUserCertRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: false
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: -
> name: LdapCrlRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor:
> enabled: false
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor:
> Publishing rules:
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor: -
> rule: FileCrlRule
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor:
> mapper: NoMap
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor:
> Publishing to CN=Certificate Authority,O=WINGON.HK
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor: -
> publisher: FileBaseCRLPublisher
> 2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor:
> Published CRL
> 2022-12-13 09:03:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying
> LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
> 2022-12-13 09:03:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Updating serial number counter
> 2022-12-13 09:03:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking serial number ranges
> 2022-12-13 09:03:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking request ID ranges
> 2022-12-13 09:03:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating cert status
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating invalid certs to valid
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=INVALID)
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating valid certs to expired
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=VALID)
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn:
> cn=2,ou=certificateRepository,ou=ca,o=ipaca
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating revoked certs to expired
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=REVOKED)
> 2022-12-13 09:08:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 09:13:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Updating serial number counter
> 2022-12-13 09:13:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking serial number ranges
> 2022-12-13 09:13:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask:
> Checking request ID ranges
> 2022-12-13 09:13:31 [Timer-0] INFO: SessionTimer: checking security domain
> sessions
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating cert status
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating invalid certs to valid
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=INVALID)
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating valid certs to expired
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=VALID)
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn:
> cn=2,ou=certificateRepository,ou=ca,o=ipaca
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask:
> Updating revoked certs to expired
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching
> ou=certificateRepository, ou=ca,o=ipaca
> 2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter:
> (certStatus=REVOKED)
> 2022-12-13 09:18:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying
> LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
>
> The debug log has no relevant error prompts
You should watch the debug log as you try to authenticate to it.
As an example, this is what it looks like if the ipara account has an
incorrect description. This is apparently not your issue, I show this
only for illustration purposes.
2022-12-12 21:47:56 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO: Getting
certificate 0x1
2022-12-12 21:47:56 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO:
LDAPSession: reading cn=1,ou=certificateRepository, ou=ca,o=ipaca
2022-12-12 21:47:56 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO:
PKIService: Response format: application/json
2022-12-12 21:47:56 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-1] INFO:
PKIService: Response class: CertData
2022-12-12 21:47:56 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] INFO:
PKIRealm: Authenticating certificate chain:
2022-12-12 21:47:56 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] INFO:
PKIRealm: - CN=IPA RA, O=EXAMPLE.TEST
2022-12-12 21:47:56 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] SEVERE:
CertUserDBAuthentication: cannot map certificate to any user: User not found
User not found
at
com.netscape.cmscore.usrgrp.UGSubsystem.buildUsers(UGSubsystem.java:391)
at
com.netscape.cmscore.usrgrp.UGSubsystem.findUsersByCert(UGSubsystem.java:249)
at
com.netscape.cmscore.usrgrp.ExactMatchCertUserLocator.locateUser(ExactMatchCertUserLocator.java:84)
at
com.netscape.cmscore.authentication.CertUserDBAuthentication.authenticate(CertUserDBAuthentication.java:193)
at com.netscape.cms.realm.PKIRealm.authenticate(PKIRealm.java:133)
at
com.netscape.cms.tomcat.ProxyRealm.authenticate(ProxyRealm.java:104)
at
org.apache.catalina.authenticator.SSLAuthenticator.doAuthenticate(SSLAuthenticator.java:94)
at
org.apache.catalina.authenticator.AuthenticatorBase.authenticate(AuthenticatorBase.java:733)
at
com.netscape.cms.tomcat.SSLAuthenticatorWithFallback.doSubAuthenticate(SSLAuthenticatorWithFallback.java:37)
at
com.netscape.cms.tomcat.AbstractPKIAuthenticator.doAuthenticate(AbstractPKIAuthenticator.java:93)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:625)
at
com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:83)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:433)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
2022-12-12 21:47:56 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] SEVERE:
CertUserDBAuthentication: Cannot authenticate agent with certificate
Serial 0x7 Subject DN CN=IPA RA,O=EXAMPLE.TEST. Error: User not found
2022-12-12 21:47:56 [ajp-nio-0:0:0:0:0:0:0:1-8009-exec-2] WARNING:
Unable to authenticate cert chain: Invalid Credential.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
