Re: [Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

2017-05-01 Thread Prasun Gera
Any ideas why the replica's certs are not being tracked ? That looks like an issue in itself. If they are not being tracked, the replica will fail once they expire. Is there any way to fix the replica ? On Sun, Apr 23, 2017 at 10:08 PM, Prasun Gera wrote: > I tried that,

Re: [Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

2017-04-23 Thread Prasun Gera
I tried that, but the replica's "getcert list" doesn't seem to show any results. "Number of certificates and requests being tracked: 0." Is that expected ? On Sun, Apr 23, 2017 at 8:50 PM, Fraser Tweedale wrote: > On Sun, Apr 23, 2017 at 03:32:19AM -0400, Prasun Gera wrote:

Re: [Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

2017-04-23 Thread Fraser Tweedale
On Sun, Apr 23, 2017 at 03:32:19AM -0400, Prasun Gera wrote: > Thank you. That worked for the master. How do I fix the replica's cert ? > This is on ipa-server-4.4.0-14.el7_3.7.x86_64 on RHEL7. I am not using > ipa's DNS at all. Did this happen because of that ? > This is not related to DNS. To

Re: [Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

2017-04-23 Thread Prasun Gera
Thank you. That worked for the master. How do I fix the replica's cert ? This is on ipa-server-4.4.0-14.el7_3.7.x86_64 on RHEL7. I am not using ipa's DNS at all. Did this happen because of that ? On Thu, Apr 20, 2017 at 9:06 PM, Fraser Tweedale wrote: > On Thu, Apr 20, 2017

Re: [Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

2017-04-20 Thread Fraser Tweedale
On Thu, Apr 20, 2017 at 07:31:16PM -0400, Prasun Gera wrote: > I can confirm that I see this behaviour too. My ipa server install is a > pretty stock install with no 3rd party certificates. > > On Thu, Apr 20, 2017 at 5:46 PM, Simon Williams < > simon.willi...@thehelpfulcat.com> wrote: > > >

Re: [Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

2017-04-20 Thread Prasun Gera
I can confirm that I see this behaviour too. My ipa server install is a pretty stock install with no 3rd party certificates. On Thu, Apr 20, 2017 at 5:46 PM, Simon Williams < simon.willi...@thehelpfulcat.com> wrote: > Yesterday, Chrome on both my Ubuntu and Windows machines updated to > version

[Freeipa-users] Chrome 58 Doesn't Trust SSL Certificates Signed by FreeIPA

2017-04-20 Thread Simon Williams
Yesterday, Chrome on both my Ubuntu and Windows machines updated to version 58.0.3029.81. It appears that this version of Chrome will not trust certificates based on Common Name. Looking at the Chrome documentation and borne out by one of the messages, from Chrome 58, the subjectAltName is