A massive thank you to Jan Cholasta for handholding me while I was getting
this problem fixed. This is how we did it...

1. List all CA certificates in LDAP directory:

ldapsearch -b cn=certificates,cn=ipa,$basedn

2. Using ldapdelete, get rid of all certificates that shouldn't be there,
in my case there were 2 called "CA 1" and "CA 2"

3. List all certificates in the following databases ($db):
- /etc/httpd/alias/
- /etc/dirsrv/slapd-IPA-YOUR-REALM/
- /etc/pki/nssdb/
- /etc/ipa/nssdb/

certutil -L -d $db

4. Delete incorrect certificates from the above databases:

Kind regards,
 Peter Pakos
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to