[Freeipa-users] Re: CA Subsystem certificate

2024-04-04 Thread Travis West via FreeIPA-users
I spun up a new server and did a fresh install of IPA. On that server if I run the command I get a better result # openssl verify -verbose -show_chain -CAfile /etc/ipa/ca.crt /var/lib/ipa/ra-agent.pem /var/lib/ipa/ra-agent.pem: OK Chain: depth=0: O = AUTH..NET, CN = IPA RA (untrusted)

[Freeipa-users] Can CA system certificates be rekeyed?

2024-04-04 Thread Sam Morris via FreeIPA-users
Hi folks I make use of certmonger's key_use_count to ensure that I don't use the same private key more than once when issuing service certificates. I was wondering what would happen if this was set on a FreeIPA server. Having done a bit of reading I think this looks like a Very Bad Idea, but

[Freeipa-users] Re: CA Subsystem certificate

2024-04-04 Thread Travis West via FreeIPA-users
If I run that command manually it doesn't appear to do anything except output "recognized usages". If I try it without the -show_chain flag I get # openssl verify -verbose -CAfile /etc/ipa/ca.crt /var/lib/ipa/ra-agent.pem /var/lib/ipa/ra-agent.pem: O = IPA..NET, CN = IPA RA error 20 at 0

[Freeipa-users] Re: upgrade idm servers rhel 7 to 8 problems

2024-04-04 Thread Alexander Bokovoy via FreeIPA-users
On Tue, 02 Apr 2024, Natxo Asenjo wrote: hi, On Tue, Mar 26, 2024 at 2:47 PM Natxo Asenjo wrote: hi, posting back to the list. Apparently the idm server cannot find a SID of a domain when trying to resolve the user account. It does find the user account, but there are sids coupled to

[Freeipa-users] Re: CA Subsystem certificate

2024-04-04 Thread Rob Crittenden via FreeIPA-users
Travis West via FreeIPA-users wrote: > Rob, > > I installed the ipa-healthcheck that you got to work on CentOS 7, and ran it. > Got a couple of errors regarding the RA Agent cert: > > [ > { > "source": "ipahealthcheck.ipa.certs", > "kw": { > "msg": "Certificate validation for

[Freeipa-users] Re: CA Subsystem certificate

2024-04-04 Thread Travis West via FreeIPA-users
Rob, I installed the ipa-healthcheck that you got to work on CentOS 7, and ran it. Got a couple of errors regarding the RA Agent cert: [ { "source": "ipahealthcheck.ipa.certs", "kw": { "msg": "Certificate validation for /var/lib/ipa/ra-agent.pem failed: ", "reason": "",

[Freeipa-users] Re: CA Subsystem certificate

2024-04-04 Thread Travis West via FreeIPA-users
This morning I tried running ipa-server-upgrade to see if that would help. It ultimately failed, but in a different spot and with a different error: 2024-04-04T11:36:42Z DEBUG The CA status is: running 2024-04-04T11:36:42Z INFO [Ensuring CA is using LDAPProfileSubsystem] 2024-04-04T11:36:42Z

[Freeipa-users] Re: How to prevent non-admin users of FreeIPA from reading the list of users in the web interface?

2024-04-04 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 04 Apr 2024, Riccardo Rotondo via FreeIPA-users wrote: Hi Alexander, Thank you Alexander, this solution probably fits our needs. My only problem now is that I configured freeipa with docker, and in that image the developer didn't include the Fedora Account System plugin for IPA so in the log

[Freeipa-users] Re: How to prevent non-admin users of FreeIPA from reading the list of users in the web interface?

2024-04-04 Thread Christian Heimes via FreeIPA-users
On 04/04/2024 13.24, Riccardo Rotondo via FreeIPA-users wrote: Hi Alexander, Thank you Alexander, this solution probably fits our needs. My only problem now is that I configured freeipa with docker, and in that image the developer didn't include the Fedora Account System plugin for IPA so in the

[Freeipa-users] Re: How to prevent non-admin users of FreeIPA from reading the list of users in the web interface?

2024-04-04 Thread Riccardo Rotondo via FreeIPA-users
Hi Alexander, Thank you Alexander, this solution probably fits our needs. My only problem now is that I configured freeipa with docker, and in that image the developer didn't include the Fedora Account System plugin for IPA so in the log I found: ERROR in middleware: Uncaught IPA exception: