-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/23/11 12:02 PM, Simo Sorce wrote: > One thing you can test is if the ca.crt exposed via http is the same > that is stored on the server in /etc/ipa/ca.crt
they are identical, I did find that the errors file is complaining about this: [22/Dec/2011:21:31:15 -0600] attrcrypt - attrcrypt_unwrap_key: failed to unwrap key for cipher AES [22/Dec/2011:21:31:15 -0600] attrcrypt - attrcrypt_cipher_init: symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [22/Dec/2011:21:31:15 -0600] attrcrypt - attrcrypt_unwrap_key: failed to unwrap key for cipher 3DES [22/Dec/2011:21:31:15 -0600] attrcrypt - attrcrypt_cipher_init: symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value. [22/Dec/2011:21:31:16 -0600] attrcrypt - All prepared ciphers are not available. Please disable attribute encryption. - -- Benjamin Reed The OpenNMS Group http://www.opennms.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFO9PTfUu+jZtP2Zf4RAveHAJ9TniJdF74K/XSI3r8o8eKSS0+TEACfT6xc wWKYP73YzPY5SsnzNwnt16g= =KnIi -----END PGP SIGNATURE----- _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users