I've got a test instance of FreeIPA 4.4.4 running on F25 that was
installed with --external-ca, and the resulting CSR signed with a validity
period of 30 days to test behavior around expirations.
Upon booting that instance today, certmonger decided to preemptively renew
every IPA cert --
I see the replica listed under services idm's web-ui. It appears as "
HTTP/replica@DOMAIN". Is this normal ? I'm not sure if it's being tracked
for auto-renewal or if it was issued as a one time cert during setup. What
would be the steps to fix this ?
On Wed, May 24, 2017 at 12:00 AM, Alexander
Release date: 2017-05-23
The FreeIPA team would like to announce FreeIPA 4.5.1 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
Fedora 25 and Fedora 26 will be available in the official
COPR repository
Hey Flo,
everything matches:
sudo certutil -L -d /etc/httpd/alias
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Signing-Cert u,u,u
Hi,
maybe one of you guys is able to help me with that.
Please dont ask why, but i have to convert my users ldap pass to htpasswd.
In my ldap setup running at the moment i do it like this:
---
ldapsearch -D 'cn=admin,dc=doman,dc=de' -w $PASS -LLL -x -b
"dc=domain,dc=de" uid=$user | grep
On 05/23/2017 10:56 PM, Jake via FreeIPA-users wrote:
I am trying to renew the last certificate for the IPA masters (previous
email) and am coming across this issue on my original IPA master (first
server)
getcert list -d /etc/httpd/alias -n "Server-Cert"
Number of certificates and requests
On ke, 24 touko 2017, Troels Hansen via FreeIPA-users wrote:
- On May 23, 2017, at 10:09 PM, Arpit Tolani via FreeIPA-users
freeipa-users@lists.fedorahosted.org wrote:
Hello
A bugzilla for the same is already open
https://bugzilla.redhat.com/show_bug.cgi?id=1392858
From the current
Hello Zak,
In fact 'dc' is IAString (e.g. ascii) (1.3.6.1.4.1.1466.115.121.1.26)
and so can be match with caseIgnoreIA5Match and
caseIgnoreIA5SubstringsMatch matching rules.
Directory string (e.g. UTF-8) (1.3.6.1.4.1.1466.115.121.1.15) can not.
It should however work if the 'dc' only