Last week I ran the command:
> [root@utility ~]# ipa-certupdate
>
> cannot connect to 'https://utility.idm.nac-issa.org/ipa/json': [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
> The ipa-certupdate command failed.
We tested the root CA cert and server cert. Both were
Thank you!
It resolved itself before I got a chance to try resubmitting the ID's. :-)
On Mon, Sep 13, 2021 at 9:17 AM Rob Crittenden wrote:
> Russell Jones via FreeIPA-users wrote:
> > Hi all,
> >
> > I am not sure what to do with these below errors. Are they related to my
> > failed replica
Russell Jones via FreeIPA-users wrote:
> Hi all,
>
> I am not sure what to do with these below errors. Are they related to my
> failed replica that I rebuilt and resynced, and as a result can be
> ignored? All the current certificates seem to be healthy.
According to ipa-healthcheck they will be
Hi all,
I am not sure what to do with these below errors. Are they related to my
failed replica that I rebuilt and resynced, and as a result can be ignored?
All the current certificates seem to be healthy.
Thanks for the insight!
WARNING:
For records that works if I remove these lines in
/etc/crypto-policies/back-ends/nss.config
name=p11-kit-proxy
library=p11-kit-proxy.so
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
Hello,
I'm trying to provision an HTTP service principal for a containerized
service. The host on which the container is running also has a kerberized
HTTP service running on it with a separate service principal (both services
are highly critical, but for different systems, and thus should
Hi Rob
The SAN would also work really well since we are only using subdomains and
hardly ever a new domain.
I tried the following:
ipa-getcert resubmit -D HTTP/sub2.example.com -i 20210910082436
But when I check ipa-getcert lis it says:
ca-error: Server at
I ran into similar issues after upgrading from FreeIPA 4.9.3 to 4.9.6 on Centos
Stream 8 last week.
You could check /var/log/httpd/error_log - I had trouble with TLS 1.3 (leading
to error "Request failed with status 403: Non-2xx response from CA REST API:
403.") which could be solved by