>
> Looks like you're running into
> https://bugzilla.redhat.com/show_bug.cgi?id=1780782
>
> The fix wasn't backported to the ipa-4.6 branch.
>
> Try retrieving the CSR from certmonger as suggested in the BZ.
>
>
I tried that, bot no change:
# grep -A 19 csr /var/lib/certmonger/requests/20210601
Marc Boorshtein wrote:
>
>
> It didn't fail on the subsystem certificate, it failed on the TLS
> certificate for the CA itself (it seems). You can check that with:
>
> getcert list -d /etc/pki/pki-tomcat/alias -n "Server-Cert cert-pki-ca"
>
>
> Here's the output:
>
> [root@freeipa
>
> It didn't fail on the subsystem certificate, it failed on the TLS
> certificate for the CA itself (it seems). You can check that with:
>
> getcert list -d /etc/pki/pki-tomcat/alias -n "Server-Cert cert-pki-ca"
>
>
Here's the output:
[root@freeipa ca]# getcert list -d /etc/pki/pki-tomcat/alias
Marc Boorshtein via FreeIPA-users wrote:
> I'm trying to fix a freeipa 4.6 cluster running on centos 7 that has
> expired directory and http certificates. I turned back the clock so
> that the certs would be valid and am trying to run ipa-cert-fix but its
> failing with:
>
> INFO: Loading passwor
lejeczek via FreeIPA-users wrote:
>
>
> On 14/09/2021 15:11, lejeczek via FreeIPA-users wrote:
>>
>>
>> On 14/09/2021 14:13, Rob Crittenden wrote:
>>> lejeczek via FreeIPA-users wrote:
Hi guys.
I get:
-> $ ipa host-del c8kubernode1.private.lot
ipa: ERROR: Certificate
I'm trying to fix a freeipa 4.6 cluster running on centos 7 that has
expired directory and http certificates. I turned back the clock so that
the certs would be valid and am trying to run ipa-cert-fix but its failing
with:
INFO: Loading password config: /etc/pki/pki-tomcat/password.conf
INFO: Fix
On 14/09/2021 15:11, lejeczek via FreeIPA-users wrote:
On 14/09/2021 14:13, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
Hi guys.
I get:
-> $ ipa host-del c8kubernode1.private.lot
ipa: ERROR: Certificate operation cannot be completed:
Unable to
communicate with CMS (403)
->
On 14/09/2021 14:13, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
Hi guys.
I get:
-> $ ipa host-del c8kubernode1.private.lot
ipa: ERROR: Certificate operation cannot be completed: Unable to
communicate with CMS (403)
-> $ ipa cert-show 1
ipa: ERROR: Certificate operation cannot b
lejeczek via FreeIPA-users wrote:
> Hi guys.
>
> I get:
>
> -> $ ipa host-del c8kubernode1.private.lot
> ipa: ERROR: Certificate operation cannot be completed: Unable to
> communicate with CMS (403)
>
> -> $ ipa cert-show 1
> ipa: ERROR: Certificate operation cannot be completed: Request failed
Hi guys.
I get:
-> $ ipa host-del c8kubernode1.private.lot
ipa: ERROR: Certificate operation cannot be completed:
Unable to communicate with CMS (403)
-> $ ipa cert-show 1
ipa: ERROR: Certificate operation cannot be completed:
Request failed with status 403: Non-2xx response from CA
REST AP
Hi,
I was not able to reproduce this issue:
# ipa host-add myhost.ipa.test --ip-address $IP
# ipa dnsrecord-find ipa.test
>> shows myhost.ipa.test has been added
# ipa host-add-principal myhost host/myalias.ipa.test
# ipa dnsrecord-find ipa.test
>> no new record added
DNS records are added when
11 matches
Mail list logo