On Thu, 2011-12-22 at 22:54 -0500, Benjamin Reed wrote:
> This implies I guess the LDAP server isn't accepting this cert?

No, more that the client does not recognized the LDAP server's cert as
It may be because the ca.crt that is downloaded has not been updated and
so the client is getting the old ca.cert you had before the selfsign ->
dogtag migration I helped you with some time ago.

One thing you can test is if the ca.crt exposed via http is the same
that is stored on the server in /etc/ipa/ca.crt

> Is there a log that might explain what's going on on the server side?

You can look into the dirsrv access log
under /var/log/dirsrv/slpad-INSTANCE_NAME/access
(the log is buffered so you may have to wait a few seconds before you
see the log after the operation you want to monitor has been performed).

Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to