On Fri, 2021-09-17 at 12:35 +0000, pp via FreeIPA-users wrote: > Could you check if your "requiredSecret" value matches the "secret" in > "/etc/pki/pki-tomcat/server.xml"? > I had two lines where they were different and the value has to match the > secret in "/etc/httpd/conf.d/ipa-pki-proxy.conf". Once they all matched I > restarted pki-tomcatd@pki-tomcat.service and httpd > and both CLI and WebGUI certificate management worked again. > According to a different thread "tomcat pre-9.0.31.0 uses 'requiredSecret' > and afterward uses 'secret'." > I am running my FreeIPA server on CentOS 8 Stream which uses tomcat 9.0.30. > My uninformed guess is the last FreeIPA update from 4.9.3 to 4.9.6 configured > "secret" only and not "requiredSecret" which > "broke" the config for the tomcat version used. Hope this helps. > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure
I can confirm that I ran in this issue on CentOS Stream 8 and this solution works. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure