Hi,
if you know exactly which certificate is causing the problem, you can use
ldapmodify to remove the value from the ldap user entry.
ldapmodify -D "cn=directory manager" -W
dn: uid=,cn=users,cn=accounts,
changetype: modify
delete: usercertificate
usercertificate:
If you're not comfortable
Hi Nico,
Hey! Please describe the process of solving this problem in more detail, how to
remove such a problematic certificate?
I have exactly the same problem and even #ipa cert-revoke does not work in the
console.
___
FreeIPA-users mailing list --
Hi Nico,
Hey! Please describe the process of solving this problem in more detail, how to
remove such a problematic certificate?
I have exactly the same problem and even #ipa cert-revoke does not work in the
console.
___
FreeIPA-users mailing list --
Hi Rob,
it turned out someone imported a plain text certificate into the binary
userCertificate attribute, probably by manual means / direct insert into LDAP.
The resulting error was thrown for all users and admins using the Webinterface
of freeIPA, so this one certificate completly knocked
Nico Maas via FreeIPA-users wrote:
> Thank you all, I could resolve the issue. Problem was a somewhat faulty
> certificate that a user had loaded into the userCertificate attribute of its
> LDAP entry.
>
> I could see it by using cat /var/log/httpd/error_log
>
> ValueError: unable to convert
Thank you all, I could resolve the issue. Problem was a somewhat faulty
certificate that a user had loaded into the userCertificate attribute of its
LDAP entry.
I could see it by using cat /var/log/httpd/error_log
ValueError: unable to convert the attribute 'usercertificate' value
Thank you Rob for your help.
I see no expired certificates:
getcert list | grep expires
expires: 2022-04-17 16:46:12 CEST
expires: unknown
expires: unknown
expires: unknown
expires: unknown
expires: 2022-04-06 16:44:19 CEST
expires:
Nico Maas via FreeIPA-users wrote:
> Dear all,
> I am using FreeIPA, Version: 4.8.4 on CentOS 8
>
> ipa-client.x86_64 4.8.4-7.module_el8.2.0+374+0d2d74a1
> @AppStream
> ipa-client-common.noarch4.8.4-7.module_el8.2.0+374+0d2d74a1
> @AppStream
>