On Tue, 16 Feb 2016, Mitra Dehghan wrote:
Hello,
I want to sync IPA and Active Directory servers:
1- I'm using an external root CA server which uses a key size of 4096
2- Both IPA and Active Directory use the same CA server as external root
CA.
3- Using the default configuration, the handshake process for establishing the SSL
connection between the servers (IPA and Active Directory) fails during
certificate-based authentication. As a result, password sync fails after
user synchronization is done.

I guess the problem is the key size, and I was wondering if any special changes
are required in the CA instance configured by IPA or if the job is possible
at all.

Note: Things go well when I use internal CA servers both for Active
Directory and the IPA server.

Can you give a bit more details about your environment? We fixed a bug
in NSS some time ago related to this issue.
https://rhn.redhat.com/errata/RHBA-2015-2121.html

What is your distribution? nss package version? IPA version? 389-ds-base
version?

--
/ Alexander Bokovoy
