Any other advice here? I have also tried setting system back to when
certificates were valid, restarting certmonger and pki-tomcatd, and running
getcert resubmit on the affected certs, this moves them to a "Monitoring"
status, but they still never renew when in present day or when the system is
I'm still stuck at this point, would anyone happen to know how to get the KVNO
issue resolved?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code o
> On Sep 22, 2023, at 19:35, Rob Crittenden via FreeIPA-users
> wrote:
>
> Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
>> Hi,
>>
>> I have a FreeIPA on a VM that I use for testing. I had to take a pause on my
>> work with it, and after a few months, when I turn on the machine, F
Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> Hi,
>
> I have a FreeIPA on a VM that I use for testing. I had to take a pause on my
> work with it, and after a few months, when I turn on the machine, FreeIPA
> won’t start. I get this error:
>
> [Fri Sep 22 18:31:03.162384 2023] [ws
Hi,
I have a FreeIPA on a VM that I use for testing. I had to take a pause on my
work with it, and after a few months, when I turn on the machine, FreeIPA won’t
start. I get this error:
[Fri Sep 22 18:31:03.162384 2023] [wsgi:error] [pid 2433:tid 2433]
ModuleNotFoundError: No module named 'ip
Has anyone tried FreeIPA with RSA's SecurID® Authentication Agent for PAM ?
https://community.rsa.com/t5/securid-authentication-agent-for/tkb-p/auth-agent-pam-documentation
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsub
Ok, let me walk through some of the specific errors, and I will also
censor out some of the output since this is going to the public
mail-list as well.
Starting from the beginning.
- I have set the date to `1 month` before certificate expired with `sudo
date`
- I ran `ipactl restart --force`
Hi,
On Fri, Sep 22, 2023 at 12:36 PM Cristian Le wrote:
> Hi Florence,
>
> Thanks for the feedback, let me clarify the situation on the certificates:
> - External CA is still valid and it is a self-signed certificate that we
> use for other services. So we can manually sign any service certifica
I have the following Setup.
MK_INTERNAL_SUB_DOMAIN=example.test
MK_FREEIPA_SERVER_REALM=EXAMPLE.TEST
MK_FREEIPA_SERVER_DS_PASSWORD=password
MK_FREEIPA_SERVER_ADMIN_PASSWORD=password
MK_FREEIPA_SERVER_DNS_REVERSE_ZONE=0.18.172.in-addr.arpa
MK_FREEIPA_SERVER_IP=172.18.0.10
MK_FREEIPA_SERVER_DOMAIN_N
Thank you very much for your hint Ulf. That's working for me.
docker run -it \
-h ${MK_FREEIPA_SERVER_DOMAIN_NAME} \
--name ipa \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
-v /tmp/freeipa-data/data:/data \
-e "IPA_SERVER_HOSTNAME=${MK_FREEIPA_SERVER_DOMAIN_NAME}" \
-e "IP
Hi Florence,
Thanks for the feedback, let me clarify the situation on the certificates:
- External CA is still valid and it is a self-signed certificate that we
use for other services. So we can manually sign any service certificates
to get them back up and running
- IPA CA is expired, let's s
On 21/09/2023 22:05, John Stokes via FreeIPA-users wrote:
What is the kracert.p12 used for?
I get this error when I try to export:
[root@aaa-01 ca]# pki-server subsystem-cert-export kra
--pkcs12-file=/root/kracertbackup.p12
ERROR: No kra subsystem in instance pki-tomcat.
You've probablty not
Hi,
On Thu, Sep 21, 2023 at 5:04 PM Cristian Le via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> I have tried my luck around with all the helpers: `pki-server cert-fix`,
> `ipa-cacert-manage`, `ipa-certupdate`, etc. but each one is failing on me
> for multiple reasons.
> - `ipa-
13 matches
Mail list logo