On 2016-04-29 16:08, Petr Vobornik wrote:
> On 04/29/2016 02:53 PM, Bret Wortman wrote:
>> Despite "ipactl status" indicating that all processes were running after
>> step 1, step 2 produces "Unable to establish SSL connection."
>> Full terminal session is at http://pastebin.com/ZuNBHPy0
> Hm, it doesn't help me much.
> Does it contact the correct machine? I.e., is IP address OK?
> What is the result of:
> netstat -ln | grep 443
> netstat -ln | grep 8009
> Have you modified by any chance: /etc/httpd/conf.d/ipa-pki-proxy.conf
> Try to run curl, maybe it will be more verbose, but probably not:
>   # curl -v https://zsipa.private.net:443/ca/admin/ca/getStatus
> Christian(CCd), do you have any ideas?

Is Apache HTTPD running and listening on 443/TCP?

$ ss -tpln | grep 443

Did you install mod_ssl by any chance? FreeIPA uses mod_nss. mod_ssl can
disrupt TLS services.

The openssl client tool shows more debug information than curl:

openssl s_client -connect zsipa.private.net:443 -CAfile /etc/ipa/ca.crt
-verify 10


Attachment: signature.asc
Description: OpenPGP digital signature

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to