On Thu, Oct 1, 2020 at 12:59 PM Ronald Wimmer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
>
> On 01.10.20 17:46, Alexander Bokovoy wrote:
> > On to, 01 loka 2020, Ronald Wimmer via FreeIPA-users wrote:
> >> Is it possible to set this flag by default for all new IPA hosts?
> >
On 01-10-2020 20:33, Rob Crittenden wrote:
> Kees Bakker via FreeIPA-users wrote:
>> Can I safely do the following?
>>
>> ipa-getcert resubmit -i 20181127141739
>> ipa-getcert resubmit -i 20181127141749
>> ipa-getcert resubmit -i 20181127141750
>> ipa-getcert resubmit -i 20181127141751
> No. Only
On 10/1/20 12:42 PM, Auerbach, Steven via FreeIPA-users wrote:
What is the proper way to change the overall openssl configuration to
set the ssl_min toTLSv1.2?
https://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html
You can see your current settings with:
ldapsearch -x -D
On 01-10-2020 20:33, Rob Crittenden wrote:
> Kees Bakker via FreeIPA-users wrote:
>> Can I safely do the following?
>>
>> ipa-getcert resubmit -i 20181127141739
>> ipa-getcert resubmit -i 20181127141749
>> ipa-getcert resubmit -i 20181127141750
>> ipa-getcert resubmit -i 20181127141751
> No. Only
Kees Bakker via FreeIPA-users wrote:
> Can I safely do the following?
>
> ipa-getcert resubmit -i 20181127141739
> ipa-getcert resubmit -i 20181127141749
> ipa-getcert resubmit -i 20181127141750
> ipa-getcert resubmit -i 20181127141751
No. Only the renewal master should attempt renewing the
Can I safely do the following?
ipa-getcert resubmit -i 20181127141739
ipa-getcert resubmit -i 20181127141749
ipa-getcert resubmit -i 20181127141750
ipa-getcert resubmit -i 20181127141751
On 01-10-2020 17:36, Kees Bakker via FreeIPA-users wrote:
> EXTERNAL E-MAIL
>
> On the
I have been able to force NSSProtocol to TLSv1.2 on the web service of this IPA
server in the nss.conf. But I am receiving a Threat Assessment Hit
(SecureWorks) that TLSv1.0 is open on port 636/TCP. I attempted to manually
edit the /etc/dirsrv/slapd-/dse.ldif file, but once I made that change
On to, 01 loka 2020, Ronald Wimmer via FreeIPA-users wrote:
On 01.10.20 17:46, Alexander Bokovoy wrote:
On to, 01 loka 2020, Ronald Wimmer via FreeIPA-users wrote:
Is it possible to set this flag by default for all new IPA hosts?
I checked the code and there is no way to set it by default.
On 01.10.20 17:46, Alexander Bokovoy wrote:
On to, 01 loka 2020, Ronald Wimmer via FreeIPA-users wrote:
Is it possible to set this flag by default for all new IPA hosts?
I checked the code and there is no way to set it by default. You have to
explicitly specify --ok-as-delegate=true when
On to, 01 loka 2020, Ronald Wimmer via FreeIPA-users wrote:
Is it possible to set this flag by default for all new IPA hosts?
I checked the code and there is no way to set it by default. You have to
explicitly specify --ok-as-delegate=true when adding hosts and services.
--
/ Alexander
On the non-renewal masters there are 4 certificates that show "ca-error:
Invalid cookie: u''"
Request ID '20181127141739':
ca-error: Invalid cookie: u''
subject: CN=IPA RA,O=GHS.NL
expires: 2020-10-26 20:15:48 UTC
Request ID '20181127141749':
ca-error: Invalid cookie: u''
This now happened to me too.
The solution in this thread was to copy /var/lib/ipa/ra-agent.* to the failing
system.
After that I was able to restart (ipactl restart).
What remains a mystery is **why** this happened.
In my case, we have three CA masters, one is the CA renewal master (of
On Thu, 2020-10-01 at 11:46 +1000, Fraser Tweedale wrote:
> On Wed, Sep 30, 2020 at 09:43:29AM -0400, Simo Sorce wrote:
> > On Wed, 2020-09-30 at 16:04 +1000, Fraser Tweedale wrote:
> > > On Tue, Sep 29, 2020 at 09:44:16AM -0400, Simo Sorce via FreeIPA-users
> > > wrote:
> > > > On Tue,
Is it possible to set this flag by default for all new IPA hosts?
Cheers,
Ronald
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
14 matches
Mail list logo