Any other advice here? I have also tried setting system back to when
certificates were valid, restarting certmonger and pki-tomcatd, and running
getcert resubmit on the affected certs, this moves them to a "Monitoring"
status, but they still never renew when in present day or when the system is
Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> Hi,
>
> I have a FreeIPA on a VM that I use for testing. I had to take a pause on my
> work with it, and after a few months, when I turn on the machine, FreeIPA
> won’t start. I get this error:
>
> [Fri Sep 22 18:31:03.162384 2023]
> On Sep 22, 2023, at 19:35, Rob Crittenden via FreeIPA-users
> wrote:
>
> Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
>> Hi,
>>
>> I have a FreeIPA on a VM that I use for testing. I had to take a pause on my
>> work with it, and after a few months, when I turn on the machine,
I'm still stuck at this point, would anyone happen to know how to get the KVNO
issue resolved?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code
Has anyone tried FreeIPA with RSA's SecurID® Authentication Agent for PAM ?
https://community.rsa.com/t5/securid-authentication-agent-for/tkb-p/auth-agent-pam-documentation
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To
Hi,
I have a FreeIPA on a VM that I use for testing. I had to take a pause on my
work with it, and after a few months, when I turn on the machine, FreeIPA won’t
start. I get this error:
[Fri Sep 22 18:31:03.162384 2023] [wsgi:error] [pid 2433:tid 2433]
ModuleNotFoundError: No module named
I have the following Setup.
MK_INTERNAL_SUB_DOMAIN=example.test
MK_FREEIPA_SERVER_REALM=EXAMPLE.TEST
MK_FREEIPA_SERVER_DS_PASSWORD=password
MK_FREEIPA_SERVER_ADMIN_PASSWORD=password
MK_FREEIPA_SERVER_DNS_REVERSE_ZONE=0.18.172.in-addr.arpa
MK_FREEIPA_SERVER_IP=172.18.0.10
Hi Florence,
Thanks for the feedback, let me clarify the situation on the certificates:
- External CA is still valid and it is a self-signed certificate that we
use for other services. So we can manually sign any service certificates
to get them back up and running
- IPA CA is expired, let's
Thank you very much for your hint Ulf. That's working for me.
docker run -it \
-h ${MK_FREEIPA_SERVER_DOMAIN_NAME} \
--name ipa \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
-v /tmp/freeipa-data/data:/data \
-e "IPA_SERVER_HOSTNAME=${MK_FREEIPA_SERVER_DOMAIN_NAME}" \
-e
On 21/09/2023 22:05, John Stokes via FreeIPA-users wrote:
What is the kracert.p12 used for?
I get this error when I try to export:
[root@aaa-01 ca]# pki-server subsystem-cert-export kra
--pkcs12-file=/root/kracertbackup.p12
ERROR: No kra subsystem in instance pki-tomcat.
You've probablty not
Hi,
On Thu, Sep 21, 2023 at 5:04 PM Cristian Le via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> I have tried my luck around with all the helpers: `pki-server cert-fix`,
> `ipa-cacert-manage`, `ipa-certupdate`, etc. but each one is failing on me
> for multiple reasons.
> -
Hi,
On Fri, Sep 22, 2023 at 12:36 PM Cristian Le wrote:
> Hi Florence,
>
> Thanks for the feedback, let me clarify the situation on the certificates:
> - External CA is still valid and it is a self-signed certificate that we
> use for other services. So we can manually sign any service
Ok, let me walk through some of the specific errors, and I will also
censor out some of the output since this is going to the public
mail-list as well.
Starting from the beginning.
- I have set the date to `1 month` before certificate expired with `sudo
date`
- I ran `ipactl restart --force`
13 matches
Mail list logo