A massive thank you to Jan Cholasta for handholding me while I was getting this problem fixed. This is how we did it...
1. List all CA certificates in LDAP directory:

   ldapsearch -b cn=certificates,cn=ipa,$basedn

2. Using ldapdelete, get rid of all certificates that shouldn't be there, in my case there were 2 called "CA 1" and "CA 2"

3. List all certificates in the following databases ($db):

   - /etc/httpd/alias/
   - /etc/dirsrv/slapd-IPA-YOUR-REALM/
   - /etc/pki/nssdb/
   - /etc/ipa/nssdb/

   certutil -L -d $db

4. Delete incorrect certificates from the above databases:

--
Kind regards,
Peter Pakos
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
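
The listing in step 3, as an added read-only example that is not part of the original message or of FreeIPA: it parses `certutil -L` output and reports nicknames that are absent from an expected list. The sample listing, the `EXPECTED` nicknames and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of NSS certificate nicknames (see step 3).

# Constructed allow-list of nicknames expected in a database (assumption).
EXPECTED='Server-Cert
EXAMPLE.TEST IPA CA'

# Read `certutil -L` output on stdin and print one nickname per line.
# Entry lines end in a trust field such as "CT,C,C" or ",,"; the two
# header lines do not match and are dropped.
nss_nicknames() {
    sed -n 's/^\(.*[^ ]\)  *[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/\1/p'
}

# Print every nickname in the listing on stdin that is not an exact,
# whole-line match for an entry of the allow-list passed as $1.
unexpected_nicknames() {
    expected=$1
    nss_nicknames | while IFS= read -r nick; do
        printf '%s\n' "$expected" | grep -Fxq -- "$nick" ||
            printf '%s\n' "$nick"
    done
}

# Run the check over real databases, e.g. the four paths from step 3.
audit_databases() {
    for db in "$@"; do
        [ -d "$db" ] || continue
        certutil -L -d "$db" 2>/dev/null |
            unexpected_nicknames "$EXPECTED" | sed "s|^|$db: |"
    done
}

# Constructed sample of `certutil -L` output so the example runs offline.
sample_listing() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u
EXAMPLE.TEST IPA CA                                          CT,C,C
CA 1                                                         C,,
CA 2                                                         ,,
EOF
}

sample_listing | unexpected_nicknames "$EXPECTED"
```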
