[Freeipa-users] Re: Problems after replacing SSL certificates

Hi, you can manually add the new CA to the NSS databases: - /etc/dirsrv/slapd-xxx - /etc/ipa/nssdb - /etc/pki/pki-tomcat/alias (if you have configured an embedded CA) - /etc/httpd/alias (if IPA version < 4.7) and to the PEM files /etc/ipa/ca.crt and /usr/share/ipa/html/ca.crt. ipa-certupdate

[Freeipa-users] Re: Unable to install FreeIPA when crypto-policy = FUTURE

On Mon, Oct 18, 2021 at 12:49:35PM -0400, Rob Crittenden wrote: > Jeffrey van Pelt via FreeIPA-users wrote: > > Hi all, > > > > Currently I'm setting up a FreeIPA instance on EL8 with the > > crypto-policy set to FUTURE. > > > > When running the ipa-server-install program, it errors out when

[Freeipa-users] Re: ipahealth keeps complaining even after re-initialize

Kees Bakker via FreeIPA-users wrote: > Hi, > > This morning we ran into a problem after updating 386-base to 1.4.4.17 > (hoping to solve a trimming [1] issue). > The ns-slapd server ended up in a deadlock so I had to revert. > > Since then we have ipahealthcheck reporting CRITICAL "is not in >

[Freeipa-users] Re: Problems after replacing SSL certificates

Hello, I’ve been suffocating the same problem. I applied ipa-server-certinstall without adding ca first. I applied your steps and added my ca.crt to /etc/ipa/ca.crt and /etc/ipa/nssdb with certutil, after than I run ipa-certupdate and it fails again. [root@xxx ~]# certutil -d

[Freeipa-users] Unable to install FreeIPA when crypto-policy = FUTURE

Hi all, Currently I'm setting up a FreeIPA instance on EL8 with the crypto-policy set to FUTURE. When running the ipa-server-install program, it errors out when setting up the PKI infrastructure. Below is the command I ran: ``` ipa-server-install --pki-config-override

[Freeipa-users] Re: firewall rules for AD trust

Hi, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-during#trust-req-ports HTH, flo On Fri, Oct 15, 2021 at 2:14 PM iulian roman via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello everybody, > >

[Freeipa-users] ipahealth keeps complaining even after re-initialize

Hi, This morning we ran into a problem after updating 386-base to 1.4.4.17 (hoping to solve a trimming [1] issue). The ns-slapd server ended up in a deadlock so I had to revert. Since then we have ipahealthcheck reporting CRITICAL "is not in synchronization" errors. Also, in one of the

[Freeipa-users] Re: Unable to communicate with CMS (403)

Hi Antonie, I've checked requiredSecret and secret values in the files you indicated. They are matching. My installations are fresh, I didn't upgrade from previous versions. I'm going to backup nssdb and reinitialize it, maybe it works. Regards, Antoine Gatineau via FreeIPA-users , 17 Eki 2021