On 11/11/2014 01:28 PM, Natxo Asenjo wrote:
> hi Nali,
> On Tue, Nov 11, 2014 at 12:57 PM, Martin Kosek <mko...@redhat.com> wrote:
> 
>> So if the lurking double encoded certificate is in LDAP, and thus Apache DS
>> shows is invalid (it shows as OK in my RHEL-7.0 server), maybe the easiest 
>> way
>> to fix it would be to:
>>
>> - Open your Apache DS
>> - Back up cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com
>> - Delete the cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com entry
>> - Run
>>   # ipa-ldap-updater --upgrade --ldapi --quiet
>>   on your 6.5+ server and the certificate entry should get regenerated 
>> (tested
>> with 7.0).
> 
> when you write 6.5+ server you mean in the kdc/CA server, right? Just
> checking :-)
> 
> Thanks!
> 
> --
> Groeten,
> natxo
> 

I meant IPA server running on RHEL/CentOS 6.5 or older... This is the one that
can regenerate CAcert entry without double encoding.

Martin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to