On Wed, 08 Feb 2023, Алексей Иванов wrote:
Greetings,
Thanks a lot for your explanation. Based on your message and my humble
research would it be safe to say that to enforce TLS connections with
specific ciphers to the default FreeIPA deployment one can do these:
1. Require secure bind
Appreciate the response.
Unfortunately, I’ve got the hand I’ve been dealt with. Our machines normally
have 1-2 but if someone hardcodes a single DNS it’s probably going to the main
server. The systems using DHCP would be fine…but for the ones that aren’t it
will just all break.
No matter, to
I forgot one more option. Since the first server is older than the
other 2, you could not upgrade it but just shut it down. Follow the
procedures: promote one of the two newer servers to CA renewal master,
follow steps to decommission/remove the server from the domain, remove
DNS SRV and A/
On Wed, 8 Feb 2023 09:53:35 -0600
Kevin Vasko via FreeIPA-users
wrote:
> Thanks Rafael.
>
> I was hoping to do it in place if at all possible because where things get
> complicated is the 4.5.4 server is also the internal DNS server that
> everyone utilizes (we have multiple but people just use
Bryan Fang via FreeIPA-users wrote:
> Hi Rob and Flo,
> thanks for your reply, yes I am using external CA certificate, we have
> separate Apache server as proxy of ipa server, and we are using external CA
> certificate for Apache server, version of ipa server is 4.6.8, and I don’t
> know how
Greetings,
Thanks a lot for your explanation. Based on your message and my humble
research would it be safe to say that to enforce TLS connections with
specific ciphers to the default FreeIPA deployment one can do these:
1. Require secure bind nsslapd-require-secure-binds=on (will reject all
Alex Ivanov via FreeIPA-users wrote:
> Greetings,
>
> I'm trying to use certmonger to automate certificate signing with FreeIPA. It
> is working fine but it adds additional values to SAN for issued certificates
>
> Other Name:
> Principal Name=HTTP/@
> Other Name:
> 1.3.6.1.5.2.2=
>
Greetings,
I'm trying to use certmonger to automate certificate signing with FreeIPA. It
is working fine but it adds additional values to SAN for issued certificates
Other Name:
Principal Name=HTTP/@
Other Name:
1.3.6.1.5.2.2=
If I choose to generate certificates using openssl and
Hi Rob,
Thank you for the explanation. Makes sense.
Kathy.
On Tue, Feb 7, 2023 at 5:32 PM Rob Crittenden wrote:
> Kathy Zhu via FreeIPA-users wrote:
> > Hi Team,
> >
> > I like to understand more about the /root/cacert.p12 file in a self
> > signed CA environment. Here are the questions:
> >
Thanks Rafael.
I was hoping to do it in place if at all possible because where things get
complicated is the 4.5.4 server is also the internal DNS server that
everyone utilizes (we have multiple but people just use the 1 mainly). It
really was their "main" server. I added the other two replicas a
Thank you. Yes, this is my needed solution. Also have to upgrade to version
4.9.10+.
Regards,
Lee
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora
On Tue, Feb 7, 2023 at 6:29 PM Kevin Vasko via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
>
> We have a set of 3x freeIPA servers that have outdated (everything) in a
> development/test environment that need to be updated.
>
> It seems that 4.6.8-5.el7.centos.12 is the latest
On Wed, Feb 08, 2023 at 08:37:11AM - r0 nam1 via FreeIPA-users wrote:
> Uploaded logs that were created when logged in:
> https://temp.sh/FwJrh/terminallogs.zip
> (By 'tail -f' while logging in)
Hi,
it looks like you have added ipacertmapdata base mapping rule, but there
is no user in IPA
Uploaded logs that were created when logged in:
https://temp.sh/FwJrh/terminallogs.zip
(By 'tail -f' while logging in)