Schrier, William (Contractor) wrote: > >> Right. >> >> You'll need to get the serial number of the two certificates: >> >> # openssl x509 -serial -noout -in /var/lib/ipa/ra-agent.pem >> # openssl x509 -serial -noout -in /var/kerberos/krb5kdc/kdc.crt >> >> Then run pki-server cert-fix again specifying those serial numbers: >> >> # pki-server cert-fix --ldapi-socket /var/run/slapd-YOUR-REALM.socket >> --agent-uid ipara --extra-cert serial#1 --extra-cert serial#2 >> >> Restart certmonger to see the updated certificates. >> >> rob > > Any suggestions here: > > # openssl x509 -serial -noout -in /var/lib/ipa/ra-agent.pem > serial=21 > # openssl x509 -serial -noout -in /var/kerberos/krb5kdc/kdc.crt > serial=1F > # pki-server cert-fix --ldapi-socket /run/slapd-[DOMAIN].socket --agent-uid > ipara --extra-cert 21 --extra-cert 1F > ERROR: --extra-cert requires serial number as integer > >
Sorry I forgot to mention, you need to provide decimal values. In this case 31 and 33. rob -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
