Hi,
you can manually add the new CA to the NSS databases:
- /etc/dirsrv/slapd-xxx
- /etc/ipa/nssdb
- /etc/pki/pki-tomcat/alias (if you have configured an embedded CA)
- /etc/httpd/alias (if IPA version < 4.7)
and to the PEM files /etc/ipa/ca.crt and /usr/share/ipa/html/ca.crt.
ipa-certupdate
On Mon, Oct 18, 2021 at 12:49:35PM -0400, Rob Crittenden wrote:
> Jeffrey van Pelt via FreeIPA-users wrote:
> > Hi all,
> >
> > Currently I'm setting up a FreeIPA instance on EL8 with the
> > crypto-policy set to FUTURE.
> >
> > When running the ipa-server-install program, it errors out when
Kees Bakker via FreeIPA-users wrote:
> Hi,
>
> This morning we ran into a problem after updating 386-base to 1.4.4.17
> (hoping to solve a trimming [1] issue).
> The ns-slapd server ended up in a deadlock so I had to revert.
>
> Since then we have ipahealthcheck reporting CRITICAL "is not in
>
Hello, I’ve been suffocating the same problem. I applied ipa-server-certinstall
without adding ca first. I applied your steps and added my ca.crt to
/etc/ipa/ca.crt and /etc/ipa/nssdb with certutil, after than I run
ipa-certupdate and it fails again.
[root@xxx ~]# certutil -d
Hi all,
Currently I'm setting up a FreeIPA instance on EL8 with the
crypto-policy set to FUTURE.
When running the ipa-server-install program, it errors out when setting
up the PKI infrastructure.
Below is the command I ran:
```
ipa-server-install --pki-config-override
Hi,
please refer to
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/trust-during#trust-req-ports
HTH,
flo
On Fri, Oct 15, 2021 at 2:14 PM iulian roman via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Hello everybody,
>
>
Hi,
This morning we ran into a problem after updating 386-base to 1.4.4.17 (hoping
to solve a trimming [1] issue).
The ns-slapd server ended up in a deadlock so I had to revert.
Since then we have ipahealthcheck reporting CRITICAL "is not in synchronization" errors.
Also, in one of the
Hi Antonie,
I've checked requiredSecret and secret values in the files you indicated.
They are matching. My installations are fresh, I didn't upgrade from
previous versions. I'm going to backup nssdb and reinitialize it, maybe it
works. Regards,
Antoine Gatineau via FreeIPA-users ,
17 Eki 2021