[Freeipa-users] Re: Certificates renewal - for certs issued to services like HTTP

2019-11-21 Thread John Stokes via FreeIPA-users
Hi Rob, Thank you for taking the time to respond. Using the command you suggested (getcert list) I can see that the system is not monitoring any of my host certificates. The ones it is tracking seem to be certificates needed for its internal operation. Is the default behaviour that certs

[Freeipa-users] Re: crawling through my logs on my freeipa-servers

2019-11-21 Thread Rob Crittenden via FreeIPA-users
Christof Schulze via FreeIPA-users wrote: > While watching my certificates to renew (hopefully not failing again) > and crawling through my logs I found some Warnings on all of my master > and replicas. > > Do I have to worry about something the "ocspSigningCert cert-pki-ca" is > one of the

[Freeipa-users] Re: Current state of Windows client support

2019-11-21 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 21 Nov 2019, Ian Pilcher via FreeIPA-users wrote: I've long believed that it wasn't possible to use FreeIPA for identity management with Windows clients (unless one was willing to pay for an Active Directory server and establish a cross-domain trust). I recently stumbled on this post,

[Freeipa-users] Re: Certificates renewal - for certs issued to services like HTTP

2019-11-21 Thread Rob Crittenden via FreeIPA-users
John Stokes via FreeIPA-users wrote: > Hi all, > > I have a question regarding renewal of certificates issued to http services. > I read somewhere that these certificates are automatically renewed but could > not find any more details. > My deployment is a standard one and I'm using the

[Freeipa-users] crawling through my logs on my freeipa-servers

2019-11-21 Thread Christof Schulze via FreeIPA-users
While watching my certificates to renew (hopefully not failing again) and crawling through my logs I found some Warnings on all of my master and replicas. Do I have to worry about something the "ocspSigningCert cert-pki-ca" is one of the certificates expiring in 9 days. journalctl -u

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

2019-11-21 Thread Rob Crittenden via FreeIPA-users
Dmitri Moudraninets wrote: > Hi Rob, > > Yes both masters are failing the same way. Output of openssl x509 -noout > -modulus -in /var/lib/ipa/ra-agent.pem is the same on both masters. > Output of openssl rsa -noout -modulus -in /var/lib/ipa/ra-agent.key is > also the same on both masters. But the

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

2019-11-21 Thread Dmitri Moudraninets via FreeIPA-users
Hi Rob, Yes both masters are failing the same way. Output of openssl x509 -noout -modulus -in /var/lib/ipa/ra-agent.pem is the same on both masters. Output of openssl rsa -noout -modulus -in /var/lib/ipa/ra-agent.key is also the same on both masters. But the output of the first command is not the

[Freeipa-users] Current state of Windows client support

2019-11-21 Thread Ian Pilcher via FreeIPA-users
I've long believed that it wasn't possible to use FreeIPA for identity management with Windows clients (unless one was willing to pay for an Active Directory server and establish a cross-domain trust). I recently stumbled on this post, which indicates that it is possible:

[Freeipa-users] Re: ipa-ca-agent cert

2019-11-21 Thread Rob Crittenden via FreeIPA-users
N N via FreeIPA-users wrote: > Hello! Thanks for your reply. > I am new to FreeIPA and I'm afraid that I will have certificate problems. > This is why I added simple monitoring like this: > GSS_USE_PROXY=yes /usr/bin/ipa cert-find --validnotafter-to=`date -d "+30 days" +\%F` > > All

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

2019-11-21 Thread Dmitri Moudraninets via FreeIPA-users
Hi Rob, Both master and replica are failing. The output of the following commands is different on both FreeIPA servers. # openssl x509 -noout -modulus -in /var/lib/ipa/ra-agent.pem # openssl rsa -noout -modulus -in /var/lib/ipa/ra-agent.key Is this a known issue? Wed, 20 Nov 2019 at 22:24,

[Freeipa-users] Certificates renewal - for certs issued to services like HTTP

2019-11-21 Thread John Stokes via FreeIPA-users
Hi all, I have a question regarding renewal of certificates issued to http services. I read somewhere that these certificates are automatically renewed but could not find any more details. My deployment is a standard one and I'm using the caIPAserviceCert profile. Can anyone shed some light on

[Freeipa-users] Re: ipa-ca-agent cert

2019-11-21 Thread N N via FreeIPA-users
Hello! Thanks for your reply. I am new to FreeIPA and I'm afraid that I will have certificate problems. This is why I added simple monitoring like this: GSS_USE_PROXY=yes /usr/bin/ipa cert-find --validnotafter-to=`date -d "+30 days" +\%F` All certificates have been updated and I see new

[Freeipa-users] Re: Replication issue, can't locate CSN, check_ipa_cosistency shows no errors

2019-11-21 Thread Florence Blanc-Renaud via FreeIPA-users
On 11/20/19 10:16 PM, Jones, Bob (rwj5d) via FreeIPA-users wrote: Thank you for the help Flo. Doing the ipa-csreplica-manage re-initialize corrected the issue I was seeing. Glad I was able to help, and thanks for the update. It's good to get confirmation that the issue was solved with the

[Freeipa-users] Re: yum update problem

2019-11-21 Thread Florence Blanc-Renaud via FreeIPA-users
On 11/20/19 8:13 PM, Natxo Asenjo via FreeIPA-users wrote: hi, after patching our centos 7 hosts to the latest version today, one of the two replicas is having trouble. [root@kdc2 ~]# ipactl status Directory Service: RUNNING krb5kdc Service: STOPPED kadmin Service: STOPPED named Service: