That config gets overwritten on upgrades though. Can freeipa expose this as
a knob rather than users modifying config files directly ?
On Wed, Sep 22, 2021 at 10:03 PM Alexander Bokovoy via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> On ke, 22 syys 2021, Cutright, Jacob via
Thanks, Rob!
On Tue, Jan 5, 2021 at 10:01 AM Rob Crittenden wrote:
> Prasun Gera via FreeIPA-users wrote:
> > Thanks. That has fixed a part of the problem. I did the rename followed
> > by ipa-certupdate, which clears the duplicate nickname. It also shows
> > only
certupdate brings the
error back.
On Wed, Dec 23, 2020 at 10:04 AM Rob Crittenden wrote:
> Prasun Gera via FreeIPA-users wrote:
> > Renaming creates a duplicate. There was already a 'caSigningCert
> > cert-pki-ca' present in the db. Now it shows two entries with the same
> &
They both have the same validity dates, only different times.
> > One is off by 1 hour.
>
> Interesting. I'm not sure why ipa-certupdate would affect the certmonger
> tracking. This may also be failing due to the nickname.
>
> ipa-cacert-manage renews the CA cert. So you rene
ehow ? I'm not entirely sure why there
are two certificates with two serial numbers. They both have the same
validity dates, only different times. One is off by 1 hour.
On Mon, Dec 21, 2020 at 10:53 AM Rob Crittenden wrote:
> Prasun Gera via FreeIPA-users wrote:
> > I'm seeing the following tw
I'm seeing the following two errors on running ipahealthcheck. This is on
an up to date RHEL 8.3 system in a 2 server topology with self signed CA.
DOMAIN.COM IPA CA not found, assuming 3rd party
DOMAIN.COM IPA CA not found, assuming 3rd party
[
{
"source":
y all return the same cert.
>>
>> Also, there was another thread on the mailing list with similar symptoms.
>> I'm not sure if there was a resolution.
>> https://www.redhat.com/archives/freeipa-users/2017-January/msg00111.html
>>
>>
>>
>> On Mon, Jul 31
me cert.
>
> Also, there was another thread on the mailing list with similar symptoms.
> I'm not sure if there was a resolution.
> https://www.redhat.com/archives/freeipa-users/2017-January/msg00111.html
>
>
>
> On Mon, Jul 31, 2017 at 2:40 PM, Rob Crittenden <rcrit...@red
ca_cert
>> "caSigningCert cert-pki-ca"
>> track: yes
>> auto-renew: yes
>>
>> Same status for subsystemCert cert-pki-ca. However, ipaCert shows
>> monitoring, which is also tracked by dogtag-ipa-ca-renew-agent. There are
>> still a few more lef
24, 2017 at 6:19 AM, Florence Blanc-Renaud <f...@redhat.com>
wrote:
> On 07/23/2017 01:29 AM, Prasun Gera via FreeIPA-users wrote:
>
>> I tried to replicate every one of those on the replica, but I've hit a
>> snag. The following CA only exists on the master, but n
I tried to replicate every one of those on the replica, but I've hit a
snag. The following CA only exists on the master, but not on the replica:
CA 'dogtag-ipa-ca-renew-agent':
is-default: no
ca-type: EXTERNAL
helper-location: /usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit
I didn't
latime,fd=18,pgrp=34091,
> timeout=300,minproto=5,maxproto=5,direct)
>
> Thanks a lot,
> Petros
>
> On 07/12/2017 01:11 AM, Prasun Gera via FreeIPA-users wrote:
>
> One easy way to resolve your issues it to use different names for the
> export location and the mount locat
Alexander Bokovoy <aboko...@redhat.com>
wrote:
> On ti, 23 touko 2017, Prasun Gera via FreeIPA-users wrote:
>
>> I posted this in the earlier thread, but didn't get a response. I was able
>> to fix this on the master, but "getcert list -d /etc/httpd/alias -n
>>
13 matches
Mail list logo