hi Martin,
On Fri, Nov 7, 2014 at 10:46 AM, Martin Kosek wrote:
> Good! I am glad you fixed the problem. I added this case to
> http://www.freeipa.org/page/Troubleshooting#CRL_gets_very_old
nice. Hopefully it will help someone.
> I am wondering what caused the issue. In the beginning you wrote
On 11/05/2014 09:20 PM, Natxo Asenjo wrote:
On Wed, Nov 5, 2014 at 7:45 PM, Natxo Asenjo wrote:
And I think I found it:
https://fedorahosted.org/freeipa/ticket/3727
permissions of that folder:
$ ls -ld publish/
drwxr-xr-x. 2 root root 73728 Jun 13 2013 publish/
I just changed them to pkius
On Wed, Nov 5, 2014 at 7:45 PM, Natxo Asenjo wrote:
> And I think I found it:
> https://fedorahosted.org/freeipa/ticket/3727
>
>
> permissions of that folder:
>
> $ ls -ld publish/
> drwxr-xr-x. 2 root root 73728 Jun 13 2013 publish/
>
> I just changed them to pkiuser:pkiuser, let's see what the
hi,
By the way, is it safe to rename this file:
$ ls -lh /var/lib/pki-ca/logs/debug
-rw-r-. 1 pkiuser pkiuser 841M Nov 5 19:54 /var/lib/pki-ca/logs/debug
It's quite big :-). Can I just rename it while the dirsrv is running
and will a new one be created or do I have to stop the pki-cad daemo
On Wed, Nov 5, 2014 at 7:37 PM, Natxo Asenjo wrote:
> 6489.CRLIssuingPoint-MasterCRL - [03/Nov/2014:09:00:00 CET] [20] [3]
> FileBasedPublisher: java.io.FileNotFoundException:
> /var/lib/ipa/pki-ca/publish/MasterCRL-20141103-09.temp (Permission
> denied)
And I think I found it:
https://fedora
hi,
On Wed, Nov 5, 2014 at 9:39 AM, Martin Kosek wrote:
> On 11/04/2014 01:39 PM, Natxo Asenjo wrote:
>> hi,
>>
>> On Mon, Nov 3, 2014 at 5:21 PM, Rob Crittenden wrote:
>>> Natxo Asenjo wrote:
>>
How often does the crl list get generated? i still do not see recent data.
>>>
>>> This is cont
On 11/04/2014 01:39 PM, Natxo Asenjo wrote:
> hi,
>
> On Mon, Nov 3, 2014 at 5:21 PM, Rob Crittenden wrote:
>> Natxo Asenjo wrote:
>
>>> How often does the crl list get generated? i still do not see recent data.
>>
>> This is controlled by ca.crl.MasterCRL.autoUpdateInterval which by
>> default
hi,
On Mon, Nov 3, 2014 at 5:21 PM, Rob Crittenden wrote:
> Natxo Asenjo wrote:
>> How often does the crl list get generated? i still do not see recent data.
>
> This is controlled by ca.crl.MasterCRL.autoUpdateInterval which by
> default is 240, so every 4 hours.
mmm, still no new items in the
Natxo Asenjo wrote:
> hi,
>
> I have been really busy, apologies for the delay in answering.
>
> On Wed, Oct 22, 2014 at 5:39 PM, Rob Crittenden wrote:
>> Natxo Asenjo wrote:
>>> On Mon, Oct 13, 2014 at 9:39 PM, Natxo Asenjo
>>> wrote:
But if I get it from the crl generator using /ipa/crl
hi,
I have been really busy, apologies for the delay in answering.
On Wed, Oct 22, 2014 at 5:39 PM, Rob Crittenden wrote:
> Natxo Asenjo wrote:
>> On Mon, Oct 13, 2014 at 9:39 PM, Natxo Asenjo wrote:
>>> But if I get it from the crl generator using /ipa/crl/MasterCRL.bin I
>>> still get the old
Natxo Asenjo wrote:
> On Mon, Oct 13, 2014 at 9:39 PM, Natxo Asenjo wrote:
>> But if I get it from the crl generator using /ipa/crl/MasterCRL.bin I
>> still get the old crl dated june 28th last year.
>>
>> Should I modify ipa-pki-proxy.conf as well on the CRL generator host
>> to point to the /ca/
On Mon, Oct 13, 2014 at 9:39 PM, Natxo Asenjo wrote:
> But if I get it from the crl generator using /ipa/crl/MasterCRL.bin I
> still get the old crl dated june 28th last year.
>
> Should I modify ipa-pki-proxy.conf as well on the CRL generator host
> to point to the /ca/ee/ca/getCRL?op=getCRL&crlI
On 10/13/2014 03:39 PM, Natxo Asenjo wrote:
On Mon, Oct 13, 2014 at 8:17 PM, Natxo Asenjo wrote:
On Mon, Oct 13, 2014 at 7:53 PM, Rob Crittenden wrote:
Natxo Asenjo wrote:
On Mon, Oct 13, 2014 at 4:27 PM, Natxo Asenjo wrote:
But if I go to the crl url (http://kdc01.domain.tld/ipa.crl ) all
On Mon, Oct 13, 2014 at 8:17 PM, Natxo Asenjo wrote:
> On Mon, Oct 13, 2014 at 7:53 PM, Rob Crittenden wrote:
>> Natxo Asenjo wrote:
>>> On Mon, Oct 13, 2014 at 4:27 PM, Natxo Asenjo
>>> wrote:
But if I go to the crl url (http://kdc01.domain.tld/ipa.crl ) all the
files I see are very
On Mon, Oct 13, 2014 at 7:53 PM, Rob Crittenden wrote:
> Natxo Asenjo wrote:
>> On Mon, Oct 13, 2014 at 4:27 PM, Natxo Asenjo wrote:
>>> But if I go to the crl url (http://kdc01.domain.tld/ipa.crl ) all the
>>> files I see are very old (the MasterCRL.bin file is dated 28 june
>>> 2013), and on th
Natxo Asenjo wrote:
> On Mon, Oct 13, 2014 at 4:27 PM, Natxo Asenjo wrote:
>> But if I go to the crl url (http://kdc01.domain.tld/ipa.crl ) all the
>> files I see are very old (the MasterCRL.bin file is dated 28 june
>> 2013), and on the kdc02 it is newer (July 2 2013).
>
> on 28 June 2013 I patc
On Mon, Oct 13, 2014 at 4:27 PM, Natxo Asenjo wrote:
> But if I go to the crl url (http://kdc01.domain.tld/ipa.crl ) all the
> files I see are very old (the MasterCRL.bin file is dated 28 june
> 2013), and on the kdc02 it is newer (July 2 2013).
on 28 June 2013 I patched the kdc01:
Jun 28 23:17:
hi,
yet another certificate authority question.
We have a centos 6.5 ipa environment with two domain controllers
(kdc01, kdc02). The first one is the first replica and maintains the
crl (or so it should).
Recently our monitoring warned us that the web host certificate for
kdc01 was about to expi
18 matches
Mail list logo
