[Freeipa-users] Re: Certificate Revoking error in FreeIPA domain

Fri, 08 Dec 2023 09:12:45 -0800 

I don't need the requires, I need the installed package versions. I
think you may have a strange mix of old and new packages. I installed a
fresh CentOS-9-stream and revocation works there.

# rpm -q ipa-server idm-pki-ca
ipa-server-4.11.0-3.el9.x86_64
idm-pki-ca-11.4.2-1.el9.noarch

rob

Albert Stoune via FreeIPA-users wrote:
> OS: CentOS Stream release 9
> 
> As I said, FreeIPA was installed like:
> 
>     - yum install ipa-server ipa-server-dns
> 
> Additional info: FreeIPA was configure as Intermediate CA. ipa.csr was signed 
> by extenal RootCA
> 
> Dependencies installed with packets of ipa:
> 
> Output of "rpm -q --requires ipa-server":
>     (pki-acme >= 10.10.5 if pki-ca >= 10.10.0)
>     389-ds-base >= 2.0.5-1
>     389-ds-base >= 2.0.5-1
>     acl
>     certmonger >= 0.79.7-3
>     chrony
>     config(ipa-server) = 4.11.0-1.el9
>     cracklib-dicts
>     cyrus-sasl-gssapi(x86-64)
>     font(fontawesome)
>     gssproxy >= 0.7.0-2
>     gzip
>     httpd >= 2.4.37-21
>     ipa-client = 4.11.0-1.el9
>     ipa-common = 4.11.0-1.el9
>     ipa-server-common = 4.11.0-1.el9
>     krb5-kdb-version = 9.0
>     krb5-server >= 1.20.1-1
>     krb5-server >= 1.21
>     libc.so.6()(64bit)
>     libc.so.6(GLIBC_2.14)(64bit)
>     libc.so.6(GLIBC_2.2.5)(64bit)
>     libc.so.6(GLIBC_2.25)(64bit)
>     libc.so.6(GLIBC_2.3)(64bit)
>     libc.so.6(GLIBC_2.3.4)(64bit)
>     libc.so.6(GLIBC_2.34)(64bit)
>     libc.so.6(GLIBC_2.4)(64bit)
>     libc.so.6(GLIBC_2.7)(64bit)
>     libc.so.6(GLIBC_2.8)(64bit)
>     libcom_err.so.2()(64bit)
>     libcrypto.so.3()(64bit)
>     libcrypto.so.3(OPENSSL_3.0.0)(64bit)
>     libgcc_s.so.1()(64bit)
>     libgcc_s.so.1(GCC_3.0)(64bit)
>     libgcc_s.so.1(GCC_3.3.1)(64bit)
>     libgssapi_krb5.so.2()(64bit)
>     libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
>     libjansson.so.4()(64bit)
>     libjansson.so.4(libjansson.so.4)(64bit)
>     libk5crypto.so.3()(64bit)
>     libk5crypto.so.3(k5crypto_3_MIT)(64bit)
>     libkrad.so.0()(64bit)
>     libkrad.so.0(krad_0_MIT)(64bit)
>     libkrb5.so.3()(64bit)
>     libkrb5.so.3(krb5_3_MIT)(64bit)
>     liblber.so.2()(64bit)
>     liblber.so.2(OPENLDAP_2.200)(64bit)
>     libldap.so.2()(64bit)
>     libldap.so.2(OPENLDAP_2.200)(64bit)
>     libndr-krb5pac.so.0()(64bit)
>     libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)
>     libndr-standard.so.0()(64bit)
>     libndr.so.3()(64bit)
>     libndr.so.3(NDR_0.0.1)(64bit)
>     libpopt.so.0()(64bit)
>     libpopt.so.0(LIBPOPT_0)(64bit)
>     libpwquality
>     libpwquality.so.1()(64bit)
>     libpwquality.so.1(LIBPWQUALITY_1.0)(64bit)
>     libsamba-errors.so.1()(64bit)
>     libsamba-errors.so.1(SAMBA_ERRORS_1.0.0)(64bit)
>     libsamba-util.so.0()(64bit)
>     libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit)
>     libsss_certmap.so.0()(64bit)
>     libsss_certmap.so.0(SSS_CERTMAP_0.0)(64bit)
>     libsss_nss_idmap.so.0()(64bit)
>     libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.1.0)(64bit)
>     libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.4.0)(64bit)
>     libsss_nss_idmap.so.0(SSS_NSS_IDMAP_0.6.0)(64bit)
>     libtalloc.so.2()(64bit)
>     libtalloc.so.2(TALLOC_2.0.2)(64bit)
>     libtevent.so.0()(64bit)
>     libunistring.so.2()(64bit)
>     libuuid.so.1()(64bit)
>     libuuid.so.1(UUID_1.0)(64bit)
>     libverto.so.1()(64bit)
>     mod_auth_gssapi >= 1.5.0
>     mod_lookup_identity >= 0.9.9
>     mod_session >= 2.4.37-21
>     mod_ssl >= 2.4.37-21
>     nss-tools >= 3.44.0-4
>     oddjob
>     open-sans-fonts
>     openldap-clients > 2.4.35-4
>     openssl > 1.1.1i
>     p11-kit
>     pki-ca >= 10.10.5
>     pki-kra >= 10.10.5
>     policycoreutils >= 2.1.12-5
>     python3
>     python3
>     python3-gssapi >= 1.2.0-5
>     python3-ipaserver = 4.11.0-1.el9
>     python3-ldap >= 3.1.0-1
>     python3-mod_wsgi
>     python3-systemd
>     rpmlib(CompressedFileNames) <= 3.0.4-1
>     rpmlib(FileDigests) <= 4.6.0-1
>     rpmlib(PayloadFilesHavePrefix) <= 4.0-1
>     rpmlib(PayloadIsZstd) <= 5.4.18-1
>     rpmlib(RichDependencies) <= 4.12.0-1
>     rtld(GNU_HASH)
>     samba-client-libs >= 4.18.6-100.el9
>     selinux-policy >= 38.1.1-1
>     selinux-policy-base >= 38.1.1-1
>     shadow-utils
>     slapi-nis >= 0.56.4
>     softhsm >= 2.0.0rc1-1
>     sssd-dbus >= 2.9.0
>     systemd-units >= 246.6-3
>     systemd-units >= 246.6-3
>     systemd-units >= 246.6-3
>     systemd-units >= 246.6-3
>     systemd-units >= 246.6-3
>     tar
>     
> Output of "rpm -q --requires ipa-server-dns":
>     bind >= 9.11.20-6
>     bind-dnssec-utils >= 9.11.20-6
>     bind-dyndb-ldap >= 11.2-2
>     bind-utils >= 9.11.20-6
>     config(ipa-server-dns) = 4.11.0-1.el9
>     ipa-server = 4.11.0-1.el9
>     opendnssec >= 2.1.6-5
>     openssl-pkcs11 >= 0.4.10-6
>     rpmlib(CompressedFileNames) <= 3.0.4-1
>     rpmlib(FileDigests) <= 4.6.0-1
>     rpmlib(PayloadFilesHavePrefix) <= 4.0-1
>     rpmlib(PayloadIsZstd) <= 5.4.18-1
>     softhsm >= 2.5.0-4
> 
> As you wrote about idm-pki-ca, output "rpm -q --requires idm-pki-ca" for it:
>     idm-pki-server = 11.4.2-1.el9
>     rpmlib(CompressedFileNames) <= 3.0.4-1
>     rpmlib(FileDigests) <= 4.6.0-1
>     rpmlib(PayloadFilesHavePrefix) <= 4.0-1
>     rpmlib(PayloadIsZstd) <= 5.4.18-1
> --
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
> 
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to