[Freeipa-users] Re: Deployment without CA

2018-10-31 Thread Fraser Tweedale via FreeIPA-users
On Wed, Oct 31, 2018 at 11:58:57AM -0400, Rob Crittenden via FreeIPA-users wrote: > Henrik Johansson via FreeIPA-users wrote: > > > > > >> On 31 Oct 2018, at 13:27, Andrey Bondarenko via FreeIPA-users > >> >> > wrote: > >> > >> It would create CSR

[Freeipa-users] Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)

2018-10-31 Thread lune voo via FreeIPA-users
Hello ! I contact you because I have a random problem with my 3.0.0.47 FreeIPA server. Sometimes, suddenly, I cannot use anymore the REST API and I got the following errors when I try things like ipa user-show : Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS

[Freeipa-users] Re: Add SubjectAltName in existing certificate

2018-10-31 Thread Peter Tselios via FreeIPA-users
Thank you Rob ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines:

[Freeipa-users] Re: Add SubjectAltName in existing certificate

2018-10-31 Thread Rob Crittenden via FreeIPA-users
Peter Tselios via FreeIPA-users wrote: > Hello, > I need to add a SAN in a certificate issued by FreeIPA. > I found a much older thread in the mailing list > (https://www.redhat.com/archives/freeipa-users/2015-September/msg00184.html) > that confirmed it's possible. > But since I don't want to

[Freeipa-users] Re: Deployment without CA

2018-10-31 Thread Rob Crittenden via FreeIPA-users
Henrik Johansson via FreeIPA-users wrote: > > >> On 31 Oct 2018, at 13:27, Andrey Bondarenko via FreeIPA-users >> > > wrote: >> >> It would create CSR for you on install. > > When are they generated? I know it does that when configuring IPA as a >

[Freeipa-users] Re: DNs forwaders

2018-10-31 Thread Andrew Meyer via FreeIPA-users
I remember entering a ldap command that would show me the forwaders of all the servers.  However ipa dnsserver-find gave me exactly what I wanted. On Wednesday, October 31, 2018 9:15 AM, Andrew Meyer via FreeIPA-users wrote: Please disregard. On Wednesday, October 31, 2018 9:04

[Freeipa-users] Re: DNs forwaders

2018-10-31 Thread Andrew Meyer via FreeIPA-users
Please disregard. On Wednesday, October 31, 2018 9:04 AM, Andrew Meyer via FreeIPA-users wrote: I have configured DNS forwarders in each of my FreeIPA servers.  However I want to be able to go back and verify they are there.  I can't remember how to get that information.  I am

[Freeipa-users] Re: DNs forwaders

2018-10-31 Thread Peter Tselios via FreeIPA-users
I don't think I understand what you want to do. You are not talking about ipa-dnsconfig --show or ipa-dnsforwardzone-find, do you? ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to

[Freeipa-users] DNs forwaders

2018-10-31 Thread Andrew Meyer via FreeIPA-users
I have configured DNS forwarders in each of my FreeIPA servers.  However I want to be able to go back and verify they are there.  I can't remember how to get that information.  I am running CentOS 7 latest with FreeIPA version 4.5.0.  I want to say there is an LDAP command I found. This is not

[Freeipa-users] Re: certmonger Error 77 Problem with the SSL CA cert

2018-10-31 Thread Kees Bakker via FreeIPA-users
On 30-10-18 19:41, Rob Crittenden wrote: > Kees Bakker wrote: >> On 29-10-18 19:30, Rob Crittenden wrote: >>> Kees Bakker via FreeIPA-users wrote: On 29-10-18 11:56, Kees Bakker via FreeIPA-users wrote: > On 26-10-18 18:20, Florence Blanc-Renaud wrote: >> On 10/26/18 6:09 PM, Kees

[Freeipa-users] Re: Deployment without CA

2018-10-31 Thread Henrik Johansson via FreeIPA-users
> On 31 Oct 2018, at 13:27, Andrey Bondarenko via FreeIPA-users > wrote: > > It would create CSR for you on install. When are they generated? I know it does that when configuring IPA as a sub-CA with “—external-ca", but without any CA I am supposed to specify the certificates when running

[Freeipa-users] Re: Deployment without CA

2018-10-31 Thread Alexander Bokovoy via FreeIPA-users
On ke, 31 loka 2018, Henrik Johansson via FreeIPA-users wrote: Hello, I am looking at using FreeIPA without CA, using external signed certificates, reading the documentations it looks possible using —dirsrv-certfile, —http-cert-file and —point-certfile. Should I just create a CSR for the

[Freeipa-users] Add SubjectAltName in existing certificate

2018-10-31 Thread Peter Tselios via FreeIPA-users
Hello, I need to add a SAN in a certificate issued by FreeIPA. I found a much older thread in the mailing list (https://www.redhat.com/archives/freeipa-users/2015-September/msg00184.html) that confirmed it's possible. But since I don't want to "destroy" the certificate, I want to know if the

[Freeipa-users] Re: Deployment without CA

2018-10-31 Thread Andrey Bondarenko via FreeIPA-users
It would create CSR for you on install. On Wed, Oct 31, 2018 at 1:22 PM Henrik Johansson via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello, > > I am looking at using FreeIPA without CA, using external signed > certificates, reading the documentations it looks possible

[Freeipa-users] Deployment without CA

2018-10-31 Thread Henrik Johansson via FreeIPA-users
Hello, I am looking at using FreeIPA without CA, using external signed certificates, reading the documentations it looks possible using —dirsrv-certfile, —http-cert-file and —point-certfile. Should I just create a CSR for the hostname by by hand and get it signed? Also is there any good reason