[Freeipa-users] Re: ipa certificates expired - can't get the system up and running again

Thanks a lot for your quick reply. Problem has solved itself in the meanwhile. I failed to run ipa-server-certinstall as I said. Upon resetting the date/time of the server to the current time it suddenly worked. Best, Andreas Rob Crittenden via FreeIPA-users [29 Aug 2023 20:55]: Andreas

[Freeipa-users] anonymous kinit (-n) failed with "PKINIT client could not verify DH reply" (solution)

I found that 'kinit -n' was prompting me for the password for WELLKNOWN/anonym...@ipa.example.com. This happened on everal, but not all clients. After setting the environment variable KRB5_TRACE=/dev/stderr, the useful parts of the output of 'kinit -n' were: [826240] 1693432177.150062: PKINIT