[Freeipa-users] Re: SSL errors ... again

2023-05-09 Thread Florence Blanc-Renaud via FreeIPA-users
Hi,

On Tue, May 9, 2023 at 1:24 PM Justin Sanderson via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> Hey Flo - thanks so much for your willingness to help.
>
> My setup is just a single VM server. I will give it a try tonight once
> everyone has gone home for the day.

[Freeipa-users] Re: SSL errors ... again

2023-05-09 Thread Justin Sanderson via FreeIPA-users
Hey Flo - thanks so much for your willingness to help. My setup is just a single VM server. I will give it a try tonight once everyone has gone home for the day. Also, does it make sense to have certmonger monitor this cert? I found a command on the RH access portal that shows how to add

[Freeipa-users] Re: SSL errors ... again

2023-05-09 Thread Florence Blanc-Renaud via FreeIPA-users
Hi Justin, The ra-agent.pem is the same certificate on all servers/replicas. When everything works properly, it gets renewed on the renewal master, then it is uploaded in LDAP and the other replicas can download it from LDAP. Do you have multiple servers? If yes and if the ra-agent.pem has been

[Freeipa-users] Re: SSL errors ... again

2023-05-08 Thread Justin Sanderson via FreeIPA-users
Found the culprit /var/lib/ipa/ra-agent.pem

# openssl x509 -in /var/lib/ipa/ra-agent.pem -noout -text | grep "Not After"

The cert expired 4 days ago. ... what's the proper "IPA" way to recreate the cert? I could do it with openssl but idk if there are "hooks" to other components that I need to update.

[Freeipa-users] Re: SSL errors ... again

2023-05-08 Thread Justin Sanderson via FreeIPA-users
I tried the "ipa cert-show 1" from the CLI and got the same error: https://[myservernamehere.fqdn]:443/ca/agent/ca/displayBySerial' : SSL_HANDSHAKE_FAILURE I do have a corresponding entry in the access_log for apache "POST /ca/agent/ca/displayBySerial HTTP/1.1" 403 229 The apache

[Freeipa-users] Re: SSL errors ... again

2023-05-07 Thread Rob Crittenden via FreeIPA-users
Justin Sanderson via FreeIPA-users wrote:
> Ok. So once again my IPA server is having cert issues. Everything seems
> to be working except when I am in the web interface and go to
> "Authentication" --> "Certificates" --> Click any of the certs in the list.
>
> I get this error from the