On Tue, Oct 01, 2019 at 07:14:17PM +1000, Fraser Tweedale via FreeIPA-users
wrote:
> On Tue, Oct 01, 2019 at 10:51:37AM +0300, Alexander Bokovoy via FreeIPA-users
> wrote:
> > On ti, 01 loka 2019, Dmitry Perets via FreeIPA-users wrote:
> > > Hi,
> > >
> > > Posting back here, in case someone
On Tue, Oct 01, 2019 at 10:51:37AM +0300, Alexander Bokovoy via FreeIPA-users
wrote:
> On ti, 01 loka 2019, Dmitry Perets via FreeIPA-users wrote:
> > Hi,
> >
> > Posting back here, in case someone gets this issue in the future...
> >
> > The problem turned out to be that IPA put wrong CA cert
On ti, 01 loka 2019, Dmitry Perets via FreeIPA-users wrote:
Hi,
Posting back here, in case someone gets this issue in the future...
The problem turned out to be that IPA put wrong CA cert subject in the LDAP entry under
"uid=ipakra,ou=people,o=kra,o=ipaca".
It looked like this:
dn:
Hi,
Posting back here, in case someone gets this issue in the future...
The problem turned out to be that IPA put wrong CA cert subject in the LDAP
entry under "uid=ipakra,ou=people,o=kra,o=ipaca".
It looked like this:
dn: uid=ipakra,ou=people,o=kra,o=ipaca
description: 2;7;CN=Certificate
Hi,
After a bit more searching - my issue looks exactly like this one:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/AJNEM5CZ6KXNXIMD4TJY3LSRESRIJBFE/
I also have the same error in /var/log/pki/pki-tomcat/kra/system:
0.ajp-bio-127.0.0.1-8009-exec-1 -