On Tue, 16 Feb 2016, Mitra Dehghan wrote:
I want to Sync IPA and Active directory servers:
1- I'm using an external root CA server which uses key size of 4096
2- Both IPA and Active directory, use the same CA server as external root
3- Using default configuration,the handshake process for establishing SSL
connection between servers(IPA and active directory) is failed during
certificate-base authentication. As a result password Sync. fails after
user synchronization is done.
I guess the problem is key size and I was wondering if any special changes
are required in the CA instance configured by IPA or if the job is possible
Note: Things goes well when I use internal CA servers both for active
directory and IPA server.
Can you give a bit more details about your environment? We fixed a bug
in NSS some time ago related to this issue.
What is your distribution? nss package version? IPA version? 389-ds-base
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project