Hi, tail -f /var/log/pki/pki-tomcat/localhost_access_log.2022-12-19.txt 10.100.0.213 - - [19/Dec/2022:09:59:45 +0800] "GET /ca/rest/certs/1 HTTP/1.1" 200 9991 10.100.0.213 - - [19/Dec/2022:09:59:45 +0800] "GET /ca/rest/account/login HTTP/1.1" 401 669 10.100.0.213 - - [19/Dec/2022:10:00:01 +0800] "GET /ca/rest/certs/1 HTTP/1.1" 200 9991 10.100.0.213 - - [19/Dec/2022:10:00:01 +0800] "GET /ca/rest/account/login HTTP/1.1" 401 669 10.100.0.213 - - [19/Dec/2022:10:01:50 +0800] "GET /ca/rest/certs/1 HTTP/1.1" 200 9991 10.100.0.213 - - [19/Dec/2022:10:01:50 +0800] "GET /ca/rest/account/login HTTP/1.1" 401 669 10.100.0.213 - - [19/Dec/2022:10:03:33 +0800] "GET /ca/rest/certs/1 HTTP/1.1" 200 9991 10.100.0.213 - - [19/Dec/2022:10:03:33 +0800] "GET /ca/rest/account/login HTTP/1.1" 401 669
ldapsearch -D cn=directory\ manager -W -b "cn=7,ou=certificateRepository, > ou=ca,o=ipaca" Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=7,ou=certificateRepository, ou=ca,o=ipaca> with scope subtree # filter: (objectclass=*) # requesting: ALL # # 7, certificateRepository, ca, ipaca dn: cn=7,ou=certificateRepository,ou=ca,o=ipaca objectClass: top objectClass: certificateRecord serialno: 017 metaInfo: requestId:7 metaInfo: profileId:caSubsystemCert notBefore: 20221116103302Z notAfter: 20241105103302Z duration: 1162208000000 subjectName: CN=IPA RA,O=WINGON.HK issuerName: CN=Certificate Authority,O=WINGON.HK publicKeyData:: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweZk70qnab7kJNH3Eq ut/OM5BgDA/8jMLovrMckOEuR0i7ESdbhYs7WXIRdz24Sfj21JoNiFznX6PNt5+lNGHeIGV59YWMe Np7+6fOzON3obtdSLCmu+B+8IDxjO0FKPGfjeMFXnY5SgxylBPqZ7O80Toa6hr+NgFnloFzBZxZZY M20qmGlyPP1XE1eoNLlqKGEv7dhyt+quAfos0OYwlsiQUe1x99Yh4ACtEXUiaDNgFbMrqSNmaB0VD wFjhki/LlSeuT8cf3qhasO/1uXqLVGfk1Rp6tLgpQM7Yme82xP+7mU9qb+2rmvwZEZ7IdhYtyPHR9 /tcAd+gWVGNXB4QQIDAQAB extension: 2.5.29.35 extension: 1.3.6.1.5.5.7.1.1 extension: 2.5.29.37 extension: 2.5.29.15 userCertificate;binary:: MIID2zCCAkOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA0MRIwEAYDV QQKDAlXSU5HT04uSEsxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMjExMTYwMj MzMDJaFw0yNDExMDUwMjMzMDJaMCUxEjAQBgNVBAoMCVdJTkdPTi5ISzEPMA0GA1UEAxMGSVBBIFJ BMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweZk70qnab7kJNH3Equt/OM5BgDA/8jM LovrMckOEuR0i7ESdbhYs7WXIRdz24Sfj21JoNiFznX6PNt5+lNGHeIGV59YWMeNp7+6fOzON3obt dSLCmu+B+8IDxjO0FKPGfjeMFXnY5SgxylBPqZ7O80Toa6hr+NgFnloFzBZxZZYM20qmGlyPP1XE1 eoNLlqKGEv7dhyt+quAfos0OYwlsiQUe1x99Yh4ACtEXUiaDNgFbMrqSNmaB0VDwFjhki/LlSeuT8 cf3qhasO/1uXqLVGfk1Rp6tLgpQM7Yme82xP+7mU9qb+2rmvwZEZ7IdhYtyPHR9/tcAd+gWVGNXB4 QQIDAQABo4GGMIGDMB8GA1UdIwQYMBaAFJ8ZyajgiijLxO2BwLiNp41P71lBMDsGCCsGAQUFBwEBB C8wLTArBggrBgEFBQcwAYYfaHR0cDovL2lwYS1jYS53aW5nb24uaGsvY2Evb2NzcDAOBgNVHQ8BAf 8EBAMCBLAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHNXs5jedTldgEC YHyiR1dLog9MZt2LlL8CUwOV9CVV7Y6GYK7faEVqQ6asJaMt6lIbfP/5luDDP3I/IV9b0LiKN8lkV COcQ6h5gWPni5IEc5BKeCAcrF5Val+XhnEXraSyy0Ak5sxlMlKRN0Um8vvsk2t11xYeB4edgqdU6l pr23p9jXVZUgdFYcEo2WG0Mf/tES8ekccdYuEUqwK+ftqn1JytbLekVl/uIB79qS5+PIjTBtm8WiC 0BWtaR4M/qQPJIwczfQNj3svhtuC/PeL6yWL7j20CkPvOldvIvcyJvRfmblkWWZbjy3xRRa1o1Fwj MZbN+c/DA3Fp9HWUv97h6clXb1+n6ZRhthm3R+cD7uK5wGtMzcyM/c0GhonxdCYGuBNYmGuxMv6qG Fvga2K18zVi9i4zVoFz27rllTaHWAEQvsI/BSwTKkEiLjNp9XmncKiz2SbMiC0f6i6hwpbk4rmNeM 1Zwvo+TTpu7iVP57pz1zMaLXPLInkbjx1A1Wg== version: 2 algorithmId: 1.2.840.113549.1.1.1 signingAlgorithmId: 1.2.840.113549.1.1.11 dateOfCreate: 20221116103303Z dateOfModify: 20221116103303Z certStatus: VALID autoRenew: ENABLED issuedBy: admin cn: 7 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 cat /var/lib/ipa/ra-agent.pem -----BEGIN CERTIFICATE----- MIID2zCCAkOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlXSU5H T04uSEsxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMjExMTYw MjMzMDJaFw0yNDExMDUwMjMzMDJaMCUxEjAQBgNVBAoMCVdJTkdPTi5ISzEPMA0G A1UEAxMGSVBBIFJBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweZk 70qnab7kJNH3Equt/OM5BgDA/8jMLovrMckOEuR0i7ESdbhYs7WXIRdz24Sfj21J oNiFznX6PNt5+lNGHeIGV59YWMeNp7+6fOzON3obtdSLCmu+B+8IDxjO0FKPGfje MFXnY5SgxylBPqZ7O80Toa6hr+NgFnloFzBZxZZYM20qmGlyPP1XE1eoNLlqKGEv 7dhyt+quAfos0OYwlsiQUe1x99Yh4ACtEXUiaDNgFbMrqSNmaB0VDwFjhki/LlSe uT8cf3qhasO/1uXqLVGfk1Rp6tLgpQM7Yme82xP+7mU9qb+2rmvwZEZ7IdhYtyPH R9/tcAd+gWVGNXB4QQIDAQABo4GGMIGDMB8GA1UdIwQYMBaAFJ8ZyajgiijLxO2B wLiNp41P71lBMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL2lw YS1jYS53aW5nb24uaGsvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBLAwEwYDVR0lBAww CgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHNXs5jedTldgECYHyiR1dLo g9MZt2LlL8CUwOV9CVV7Y6GYK7faEVqQ6asJaMt6lIbfP/5luDDP3I/IV9b0LiKN 8lkVCOcQ6h5gWPni5IEc5BKeCAcrF5Val+XhnEXraSyy0Ak5sxlMlKRN0Um8vvsk 2t11xYeB4edgqdU6lpr23p9jXVZUgdFYcEo2WG0Mf/tES8ekccdYuEUqwK+ftqn1 JytbLekVl/uIB79qS5+PIjTBtm8WiC0BWtaR4M/qQPJIwczfQNj3svhtuC/PeL6y WL7j20CkPvOldvIvcyJvRfmblkWWZbjy3xRRa1o1FwjMZbN+c/DA3Fp9HWUv97h6 clXb1+n6ZRhthm3R+cD7uK5wGtMzcyM/c0GhonxdCYGuBNYmGuxMv6qGFvga2K18 zVi9i4zVoFz27rllTaHWAEQvsI/BSwTKkEiLjNp9XmncKiz2SbMiC0f6i6hwpbk4 rmNeM1Zwvo+TTpu7iVP57pz1zMaLXPLInkbjx1A1Wg== -----END CERTIFICATE----- the cert is vaild, and binary contain the same cert as /var/lib/ipa/ra-agent.pem,but the logs show unauthorized _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
