[Freeipa-users] Re: Third Party SSL for HTTP and Certmonger SSL for LDAP

2018-04-03 Thread Alka Murali via FreeIPA-users
Hi Rob, I am planning to revert my existing third party SSL certs for HTTP and LDAP Services back to CertMonger cert. Is there any way to revert the certs back to CertMonger certs? Awaiting your response. On Tue, Apr 3, 2018 at 9:56 AM, Alka Murali wrote: > Hi Rob, >

[Freeipa-users] ipa: ERROR: No valid Negotiate header in server response

2018-04-03 Thread Zarko Dudic via FreeIPA-users
Hi there, Seems I have to kinit every time in order to run ipa command, as a quick fix!? The client is ipa-client-4.5.0-22.0.1.el7_4.x86_64 Servers are ipa-server-4.4.0-12.0.1.el7.x86_64 This has started recently and I am not able to track any changes that could cause this. This happens:

[Freeipa-users] Re: Failed to start pki-tomcatd Service - javax.ws.rs.ServiceUnavailableException: Subsystem unavailable

2018-04-03 Thread lejeczek via FreeIPA-users
On 29/03/18 12:43, Florence Blanc-Renaud wrote: On 03/28/2018 12:42 PM, lejeczek via FreeIPA-users wrote: hi guys, I fail to troubleshoot this here: $ ipactl start --ignore-service-failures Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service

[Freeipa-users] Re: NTP

2018-04-03 Thread Rob Crittenden via FreeIPA-users
Andrew Meyer wrote: > This is a mix of VMware VMs and AWS instances. All CentOS 7. It was VMware that had the poor time keeping but this was 7 or 8 years ago in the Fedora 11/12 time period. I'd find it hard to believe the same time problems exist today but some googling might turn up something

[Freeipa-users] Re: NTP

2018-04-03 Thread Andrew Meyer via FreeIPA-users
This is a mix of VMware VMs and AWS instances. All CentOS 7. On Tuesday, April 3, 2018 1:04 PM, Rob Crittenden wrote: Andrew Meyer via FreeIPA-users wrote: > I need some clarification on this. I have my FreeIPA server in > talking. NTP is working. However Some

[Freeipa-users] Re: NTP

2018-04-03 Thread Rob Crittenden via FreeIPA-users
Andrew Meyer via FreeIPA-users wrote: > I need some clarification on this.  I have my FreeIPA server in > talking.  NTP is working.  However Some servers are getting ntp drift.  > If I go into /etc/ntp.conf I see that at the bottom FreeIPA adds server > at the bottom of the file. > > ### Added by

[Freeipa-users] Re: FreeIPA Certs for Chromebooks CMC,SCEP and extensions

2018-04-03 Thread David Harvey via FreeIPA-users
Awesome, thanks for the info Rob. I will check out your method. It looks like it (Dogtag) has some improving CMC support too, so will have a dig. On Tue, 3 Apr 2018, 18:19 Rob Crittenden, wrote: > David Harvey via FreeIPA-users wrote: > > Hi FreeIPA users, > > > > As

[Freeipa-users] Re: FreeIPA Certs for Chromebooks CMC,SCEP and extensions

2018-04-03 Thread Rob Crittenden via FreeIPA-users
David Harvey via FreeIPA-users wrote: > Hi FreeIPA users, > > As briefly mentioned in "[Freeipa-users] FreeIPA PKI with OpenVPN", > > I'm looking into using FreeIPA and Dogtag to provide network certs for > Chromebooks (from reading so far it looks like I'll need to use SCEP or > CMC - the

[Freeipa-users] NTP

2018-04-03 Thread Andrew Meyer via FreeIPA-users
I need some clarification on this. I have my FreeIPA server in talking. NTP is working. However Some servers are getting ntp drift. If I go into /etc/ntp.conf I see that at the bottom FreeIPA adds server at the bottom of the file. ### Added by IPA Installer ### server 127.127.1.0 iburst fudge

[Freeipa-users] Re: ca/agent/ca/displayBySerial': (SSL_ERROR_BAD_CERT_ALERT) SSL peer cannot verify your certificate.

2018-04-03 Thread Rob Crittenden via FreeIPA-users
amitj1jan--- via FreeIPA-users wrote: > By PROD/DR, I meant Production/Disaster Recovery environment. > And yes there are two IPA servers in both PROD/DR environment. > > Also, came across the fact that while in PROD, SSL was implemented using > self-signed certs (where things are working), In DR

[Freeipa-users] Re: ca/agent/ca/displayBySerial': (SSL_ERROR_BAD_CERT_ALERT) SSL peer cannot verify your certificate.

2018-04-03 Thread amitj1jan--- via FreeIPA-users
By PROD/DR, I meant Production/Disaster Recovery environment. And yes there are two IPA servers in both PROD/DR environment. Also, came across the fact that while in PROD, SSL was implemented using self-signed certs (where things are working), In DR environment CA signed certs were used later for