Ok. So once again my IPA server is having cert issues. Everything seems
to be working except when I am in the web interface and goto
"Authentication" --> "Certificates" --> Click any of the certs in the list.
---- I get this error from the browser.------
IPA ERROR 907: NetworkError
cannot connect to
https://[myservernamehere.fqdn]:443/ca/agent/ca/displayBySerial' :
SSL_HANDSHAKE_FAILURE
# getcert list |grep expires --> everything checks out ok. no expiry on
any of the certs
--- checked all the certs on there "Not Before" and "Not After" dates
for the following NSS db's
certutil -L -d /etc/pki/pki-tomcat/alias
certutil -L -d /etc/httpd/alias
---- In /var/log/httpd/error_log, I do see some errors: ----
Bad Remote Server Certificate -8181
SSL Library Error: -8181 Certificate has expired
I know it's an expired cert obviously from httpd errorlog but where is
the darn thing. I thought i checked all the places and looked ok but I'm
definitely missing something....
could use some advice.
TIA
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
