I noticed that the referenced files in /var/kerberos/krb5kdc differ. They also
have quite different modification dates.
On ipa1, the kdc.crt is older (22. Aug 2023), on ipa2 it is much newer (13. Jan
2024).
I looked into the certs with

    openssl x509 -in kdc.crt -text

These certs are not issued by our CA authority, they must be something created
by IPA internally.
Comparing the certs with meld, I noticed different dates, of course, but also
that the cert on the working ipa1 server has sections that are missing from the
other cert, namely

    X509v3 Subject Alternative Name:
        othername:<unsupported>, othername:<unsupported>

and

    X509v3 Subject Key Identifier:
        46:31:70:5C:55:B6:9F:D5:EC:29:9C:54:AE:3B:53:F5:0B:91:39:3A
    1.3.6.1.4.1.311.20.2:
        .".K.D.C.s._.P.K.I.N.I.T._.C.e.r.t.s

ISTR there was another thread where someone had a similar issue and
solved it by requesting a new cert?
I
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
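
Added example, not part of the original post: instead of eyeballing two `openssl x509 -text` dumps in meld, this lists which extension sections one certificate has and the other lacks. The two embedded dumps are constructed samples that reuse the section names quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed excerpts shaped like `openssl x509 -text -noout` output;
# they are NOT the poster's real certificates.
COMMON = """\
Certificate:
    Data:
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
"""
EXTRA = """\
            X509v3 Subject Alternative Name:
                othername:<unsupported>, othername:<unsupported>
            X509v3 Subject Key Identifier:
                46:31:70:5C:55:B6:9F:D5:EC:29:9C:54:AE:3B:53:F5:0B:91:39:3A
            1.3.6.1.4.1.311.20.2:
                .".K.D.C.s._.P.K.I.N.I.T._.C.e.r.t.s
"""
TAIL = "    Signature Algorithm: sha256WithRSAEncryption\n"
IPA1_TEXT = COMMON + EXTRA + TAIL  # sample cert that has the extra sections
IPA2_TEXT = COMMON + TAIL          # sample cert that lacks them

def extension_names(text):
    """Return extension section names in the order openssl printed them."""
    names, base = [], None
    for line in text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip(" "))
        if stripped == "X509v3 extensions:":
            base = indent
        elif base is None or not stripped:
            continue
        elif indent <= base:
            break  # left the extensions block
        elif indent == base + 4:  # names sit one level in, values two
            names.append(re.sub(r":\s*(critical)?\s*$", "", stripped))
    return names

def compare(a_text, b_text):
    """Names present only in a, and names present only in b."""
    a, b = extension_names(a_text), extension_names(b_text)
    return [n for n in a if n not in b], [n for n in b if n not in a]

if __name__ == "__main__":
    only_1, only_2 = compare(IPA1_TEXT, IPA2_TEXT)
    print("only in first cert: ", only_1)
    print("only in second cert:", only_2)
```

For real files, pass `compare()` the text produced by `openssl x509 -in kdc.crt -text -noout` on each server.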