Re: [Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-11-07 Thread David Dejaeghere
Can somebody help us how to move ahead with this issue?
It seems like nobody is picking this up?

Kind Regards,

David

2016-10-26 13:43 GMT+02:00 David Dejaeghere :

> Does anybody have a clue on how to continue with this?
>
> Kind Regards,
>
> David
>
> 2016-10-24 10:10 GMT+02:00 David Dejaeghere :
>
>> These are both the subjects for the old and new root ca cert.
>>
>> Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,DC=local"
>> Subject Public Key Info:
>> Public Key Algorithm: PKCS #1 RSA Encryption
>> RSA Public Key:
>> Modulus:
>> Exponent: 65537 (0x10001)
>>
>> Subject: DC=local, DC=tokio, CN=tokio-PAPRIKA-CA
>> Subject Public Key Info:
>> Public Key Algorithm: rsaEncryption
>> Public-Key: (2048 bit)
>> Modulus:
>> Exponent: 65537 (0x10001)
>>
>> 2016-10-24 5:49 GMT+02:00 Fil Di Noto :
>>
>>> Hi,
>>>
>>> Can you give an example of what's different between the two subjects?
>>>
>>> On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere <
>>> david.dejaegh...@gmail.com> wrote:
>>>
>>>> Does somebody have an idea how to replace our certificates when the new
>>>> ROOT ca certificate has a different subject?
>>>> The UI is down because of this.
>>>>
>>>> 2016-10-19 11:42 GMT+02:00 David Dejaeghere :
>>>>
>>>>> Hello,
>>>>>
>>>>> When installing FreeIPA we used the CA from our Windows servers.
>>>>> This one recently expired and we created a new one.  It seems that the
>>>>> new root CA has another subject name and this seems to be an issue when we
>>>>> want to install new certs on our FreeIPA hosts.
>>>>>
>>>>> ipa-cacert-manage install certnew.pem -n mycert -t C,,
>>>>>
>>>>> Installing CA certificate, please wait
>>>>> Failed to install the certificate: subject public key info mismatch
>>>>>
>>>>> After validating the subjects are indeed different.
>>>>>
>>>>> How can we replace the required certs for dirsrv and http when the ca
>>>>> is not installable?
>>>>>
>>>>> Kind Regards,
>>>>>
>>>>> David
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>>
>>>
>>>
>>
>

Re: [Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-10-26 Thread David Dejaeghere
Does anybody have a clue on how to continue with this?

Kind Regards,

David

2016-10-24 10:10 GMT+02:00 David Dejaeghere :

> These are both the subjects for the old and new root ca cert.
>
> Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,DC=local"
> Subject Public Key Info:
> Public Key Algorithm: PKCS #1 RSA Encryption
> RSA Public Key:
> Modulus:
> Exponent: 65537 (0x10001)
>
> Subject: DC=local, DC=tokio, CN=tokio-PAPRIKA-CA
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> Public-Key: (2048 bit)
> Modulus:
> Exponent: 65537 (0x10001)
>
> 2016-10-24 5:49 GMT+02:00 Fil Di Noto :
>
>> Hi,
>>
>> Can you give an example of what's different between the two subjects?
>>
>> On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere <
>> david.dejaegh...@gmail.com> wrote:
>>
>>> Does somebody have an idea how to replace our certificates when the new
>>> ROOT ca certificate has a different subject?
>>> The UI is down because of this.
>>>
>>> 2016-10-19 11:42 GMT+02:00 David Dejaeghere :
>>>
>>>> Hello,
>>>>
>>>> When installing FreeIPA we used the CA from our Windows servers.
>>>> This one recently expired and we created a new one.  It seems that the
>>>> new root CA has another subject name and this seems to be an issue when we
>>>> want to install new certs on our FreeIPA hosts.
>>>>
>>>> ipa-cacert-manage install certnew.pem -n mycert -t C,,
>>>>
>>>> Installing CA certificate, please wait
>>>> Failed to install the certificate: subject public key info mismatch
>>>>
>>>> After validating the subjects are indeed different.
>>>>
>>>> How can we replace the required certs for dirsrv and http when the ca
>>>> is not installable?
>>>>
>>>> Kind Regards,
>>>>
>>>> David
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>

Re: [Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-10-24 Thread David Dejaeghere
These are both the subjects for the old and new root ca cert.

Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,DC=local"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
d5:51:19:a0:7e:2f:b6:4b:cb:71:42:cb:38:bc:50:0a:
18:16:58:07:11:c6:d3:ea:66:91:a8:52:02:54:93:28:
78:a1:89:36:7a:0f:1e:2a:35:8a:da:85:05:c4:fe:de:
e8:6a:e8:fd:1b:89:44:8f:8c:62:d6:56:f7:9e:16:d5:
fd:b4:44:65:71:4f:1a:7d:d6:28:2d:5e:ad:c9:da:60:
54:98:02:87:d9:43:62:ab:1b:93:c1:af:0b:b9:80:2e:
08:f0:65:46:bf:de:78:c5:d2:19:b8:07:52:d6:01:ab:
d0:b2:7d:0a:7f:9f:fa:e8:8c:55:86:e0:d3:d5:ef:e7:
ad:6a:12:a2:b8:75:be:93:c2:05:df:99:a9:d8:a2:cc:
7c:2b:49:d6:a3:65:0c:c8:ef:c3:a4:b6:f6:86:1d:c2:
56:56:1b:0d:70:7a:67:15:49:2f:b7:92:8e:2a:94:57:
53:26:ef:9a:af:89:fe:cb:1e:e7:ac:72:9a:cd:b4:22:
b1:22:02:fd:95:23:e0:65:d0:36:e8:e1:88:2b:35:02:
99:1c:ee:84:10:80:84:a8:e5:61:04:6b:a3:6b:da:c5:
49:36:ef:f6:48:09:2c:0d:7c:b2:52:4f:a6:72:cc:e6:
30:b5:dd:a0:5b:0e:96:49:78:9d:1e:27:4e:02:40:a1
Exponent: 65537 (0x10001)

Subject: DC=local, DC=tokio, CN=tokio-PAPRIKA-CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ae:32:35:fa:b5:f4:2d:b8:0c:c3:d9:b0:9f:a8:
5d:21:90:58:a9:79:79:7d:85:7e:f1:f2:36:9d:ef:
9f:8c:a8:3a:bf:57:5c:2e:6b:5d:2e:91:ba:c6:b7:
b2:b1:dd:45:de:e6:d4:fe:01:f4:d2:bd:99:9f:9a:
71:1d:d4:e4:a7:cd:9e:f3:36:a7:a0:73:55:6b:04:
66:ab:c3:63:b3:41:06:ac:c8:c8:3a:4c:eb:83:78:
6e:e8:b6:0f:94:fa:a8:7e:7d:89:44:d1:bd:be:14:
df:0c:ce:4d:b4:e6:0a:e2:d7:84:95:4b:a1:3e:53:
c9:04:3f:7b:de:1b:fd:7b:b5:b0:69:3b:f9:f2:b5:
a7:fe:6d:9d:62:6e:9a:fc:1e:32:69:ad:4c:ae:e3:
61:dd:92:99:34:4b:bf:6b:02:88:18:88:a2:0f:ca:
e8:6e:91:f0:e6:2e:4d:83:f6:05:7e:ed:f2:f1:3e:
b2:36:3f:de:3f:db:93:73:5b:60:ee:8c:48:e0:c0:
4c:0e:6a:63:1a:16:af:9e:28:93:40:39:23:bf:d0:
77:9c:b7:80:d3:c3:42:d8:27:db:d7:4b:e5:3f:b4:
d2:ad:57:c2:01:73:c8:45:26:f1:00:93:50:3e:cf:
7a:2d:25:d5:43:b6:a7:75:a1:ef:58:f9:c9:11:e8:
09:1d
Exponent: 65537 (0x10001)

2016-10-24 5:49 GMT+02:00 Fil Di Noto :

> Hi,
>
> Can you give an example of what's different between the two subjects?
>
> On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere <
> david.dejaegh...@gmail.com> wrote:
>
>> Does somebody have an idea how to replace our certificates when the new
>> ROOT ca certificate has a different subject?
>> The UI is down because of this.
>>
>> 2016-10-19 11:42 GMT+02:00 David Dejaeghere :
>>
>>> Hello,
>>>
>>> When installing FreeIPA we used the CA from our Windows servers.
>>> This one recently expired and we created a new one.  It seems that the
>>> new root CA has another subject name and this seems to be an issue when we
>>> want to install new certs on our FreeIPA hosts.
>>>
>>> ipa-cacert-manage install certnew.pem -n mycert -t C,,
>>>
>>> Installing CA certificate, please wait
>>> Failed to install the certificate: subject public key info mismatch
>>>
>>> After validating the subjects are indeed different.
>>>
>>> How can we replace the required certs for dirsrv and http when the ca is
>>> not installable?
>>>
>>> Kind Regards,
>>>
>>> David
>>>
>>>
>>>
>>
>>
>
>
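
An added example, not part of the thread and not FreeIPA code: it parses two certificate text dumps in the layouts posted above and answers separately whether the subject DN and the RSA public key match. The quoted certutil form prints the subject most-specific RDN first and the OpenSSL form prints it in encoding order, so both are brought to one order before comparing. The subject strings are the thread's; the short moduli and the names `parse_dump` and `compare` are constructed for this illustration.

```python
import re

# Constructed samples in the two layouts posted in the thread; the subject
# strings are the thread's, the short moduli are made-up placeholders.
OLD_CERTUTIL = '''Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,DC=local"
Subject Public Key Info:
    Public Key Algorithm: PKCS #1 RSA Encryption
    RSA Public Key:
        Modulus:
            c3:5a:11:9f
        Exponent: 65537 (0x10001)'''
NEW_OPENSSL = '''Subject: DC=local, DC=tokio, CN=tokio-PAPRIKA-CA
Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
        Modulus:
            00:b7:20:4e:
            6d
        Exponent: 65537 (0x10001)'''

def parse_dump(text, rfc4514_order):
    """Return (subject, modulus, exponent) from a certificate text dump.

    rfc4514_order=True: subject printed most-specific RDN first (certutil);
    False: encoding order (OpenSSL). Splitting on ',' ignores escaped
    commas, which these names do not contain.
    """
    subject = re.search(r'Subject:\s*"?([^"\n]+)', text).group(1)
    rdns = []
    for part in subject.split(","):
        attr, value = part.split("=", 1)
        rdns.append((attr.strip().upper(), value.strip()))
    if rfc4514_order:
        rdns.reverse()  # bring both forms to encoding order
    hexrun = re.search(r"Modulus:\s*((?:[0-9a-f]{2}:?\s*)+)", text).group(1)
    # int() drops the leading 00 sign byte that OpenSSL prints
    modulus = int(re.sub(r"[^0-9a-f]", "", hexrun), 16)
    exponent = int(re.search(r"Exponent:\s*(\d+)", text).group(1))
    return tuple(rdns), modulus, exponent

def compare(old, new):
    """Say which part of the CA identity changed between two parsed dumps."""
    same_subject = old[0] == new[0]
    same_key = old[1:] == new[1:]
    if same_subject:
        return "same subject, same public key" if same_key else "same subject, different public key"
    return "different subject, same public key" if same_key else "different subject and key"

if __name__ == "__main__":
    print(compare(parse_dump(OLD_CERTUTIL, True), parse_dump(NEW_OPENSSL, False)))
```
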

Re: [Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-10-23 Thread Fil Di Noto
Hi,

Can you give an example of what's different between the two subjects?

On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere <
david.dejaegh...@gmail.com> wrote:

> Does somebody have an idea how to replace our certificates when the new
> ROOT ca certificate has a different subject?
> The UI is down because of this.
>
> 2016-10-19 11:42 GMT+02:00 David Dejaeghere :
>
>> Hello,
>>
>> When installing FreeIPA we used the CA from our Windows servers.
>> This one recently expired and we created a new one.  It seems that the
>> new root CA has another subject name and this seems to be an issue when we
>> want to install new certs on our FreeIPA hosts.
>>
>> ipa-cacert-manage install certnew.pem -n mycert -t C,,
>>
>> Installing CA certificate, please wait
>> Failed to install the certificate: subject public key info mismatch
>>
>> After validating the subjects are indeed different.
>>
>> How can we replace the required certs for dirsrv and http when the ca is
>> not installable?
>>
>> Kind Regards,
>>
>> David
>>
>>
>>
>
>

Re: [Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-10-23 Thread David Dejaeghere
Does somebody have an idea how to replace our certificates when the new
ROOT ca certificate has a different subject?
The UI is down because of this.

2016-10-19 11:42 GMT+02:00 David Dejaeghere :

> Hello,
>
> When installing FreeIPA we used the CA from our Windows servers.
> This one recently expired and we created a new one.  It seems that the new
> root CA has another subject name and this seems to be an issue when we want
> to install new certs on our FreeIPA hosts.
>
> ipa-cacert-manage install certnew.pem -n mycert -t C,,
>
> Installing CA certificate, please wait
> Failed to install the certificate: subject public key info mismatch
>
> After validating the subjects are indeed different.
>
> How can we replace the required certs for dirsrv and http when the ca is
> not installable?
>
> Kind Regards,
>
> David
>
>
>

[Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch

2016-10-19 Thread David Dejaeghere
Hello,

When installing FreeIPA we used the CA from our Windows servers.
This one recently expired and we created a new one.  It seems that the new
root CA has another subject name and this seems to be an issue when we want
to install new certs on our FreeIPA hosts.

ipa-cacert-manage install certnew.pem -n mycert -t C,,

Installing CA certificate, please wait
Failed to install the certificate: subject public key info mismatch

After validating the subjects are indeed different.

How can we replace the required certs for dirsrv and http when the ca is
not installable?

Kind Regards,

David