[Freeipa-users] Certificate renewals with external CA

2017-05-24 Thread Rob Foehl via FreeIPA-users
I've got a test instance of FreeIPA 4.4.4 running on F25 that was installed with --external-ca, and the resulting CSR signed with a validity period of 30 days to test behavior around expirations. Upon booting that instance today, certmonger decided to preemptively renew every IPA cert --

[Freeipa-users] Re: Chrome 58 - CN for IPA management console to include SANs

2017-05-24 Thread Prasun Gera via FreeIPA-users
I see the replica listed under services idm's web-ui. It appears as "HTTP/replica@DOMAIN". Is this normal? I'm not sure if it's being tracked for auto-renewal or if it was issued as a one time cert during setup. What would be the steps to fix this? On Wed, May 24, 2017 at 12:00 AM, Alexander

[Freeipa-users] Announcing FreeIPA 4.5.1

2017-05-24 Thread Martin Bašti via FreeIPA-users
Release date: 2017-05-23 The FreeIPA team would like to announce FreeIPA 4.5.1 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 25 and Fedora 26 will be available in the official COPR repository

[Freeipa-users] Re: getcert list -d /etc/httpd/alias -n "Server-Cert" status: CA_UNREACHABLE

2017-05-24 Thread Jake via FreeIPA-users
Hey Flo, everything matches: sudo certutil -L -d /etc/httpd/alias Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI Signing-Cert u,u,u

[Freeipa-users] convert freeipa (ldap) pass to htpasswd

2017-05-24 Thread Sebastian Kösters via FreeIPA-users
Hi, maybe one of you guys is able to help me with that. Please don't ask why, but I have to convert my users ldap pass to htpasswd. In my ldap setup running at the moment I do it like this: --- ldapsearch -D 'cn=admin,dc=doman,dc=de' -w $PASS -LLL -x -b "dc=domain,dc=de" uid=$user | grep

[Freeipa-users] Re: getcert list -d /etc/httpd/alias -n "Server-Cert" status: CA_UNREACHABLE

2017-05-24 Thread Florence Blanc-Renaud via FreeIPA-users
On 05/23/2017 10:56 PM, Jake via FreeIPA-users wrote: I am trying to renew the last certificate for the IPA masters (previous email) and am coming across this issue on my original IPA master (first server) getcert list -d /etc/httpd/alias -n "Server-Cert" Number of certificates and requests

[Freeipa-users] Re: 4.5.0+ Rhel 7 support

2017-05-24 Thread Alexander Bokovoy via FreeIPA-users
On ke, 24 touko 2017, Troels Hansen via FreeIPA-users wrote: - On May 23, 2017, at 10:09 PM, Arpit Tolani via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote: Hello A bugzilla for the same is already open https://bugzilla.redhat.com/show_bug.cgi?id=1392858 From the current

[Freeipa-users] Re: Fwd: matching rule errors?

2017-05-24 Thread thierry bordaz via FreeIPA-users
Hello Zak, In fact 'dc' is IAString (e.g. ascii) (1.3.6.1.4.1.1466.115.121.1.26) and so can be matched with caseIgnoreIA5Match and caseIgnoreIA5SubstringsMatch matching rules. Directory string (e.g. UTF-8) (1.3.6.1.4.1.1466.115.121.1.15) cannot. It should however work if the 'dc' only