Adam Lewis wrote:
Yup. I'm currently still sitting back in time. But any time I try to
resubmit either the ipaCert or the subsystemCert it errors out.
getcert list shows :
ca-error: Server at
"https://ipa.local.domain:9443/ca/agent/ca/profileProcess; replied: 1:
Authentication Error
And the
Rob,
The only message that seems remotely relevant is:
ProfileSubmitServlet: for renewal, original authenticator not found
But everything else looks completely fine until the "AUTH_FAIL" message.
I started seeing
csngen_new_csn - Warning: too much time skew (-xxx secs). Current seqnum=1
So I
Adam Lewis wrote:
Yup. I'm currently still sitting back in time. But any time I try to
resubmit either the ipaCert or the subsystemCert it errors out.
getcert list shows :
ca-error: Server at
"https://ipa.local.domain:9443/ca/agent/ca/profileProcess; replied: 1:
Authentication Error
And the
Yup. I'm currently still sitting back in time. But any time I try to
resubmit either the ipaCert or the subsystemCert it errors out.
getcert list shows :
ca-error: Server at "
https://ipa.local.domain:9443/ca/agent/ca/profileProcess; replied: 1:
Authentication Error
And the debug log shows:
Adam Lewis wrote:
Yup, It's just the text string. I don't know how much this matters but
when I ran the start-tracking for the ipaCert it didn't generate a new
certificate. I'm still working off of serial number 7, which is what
it's been since we installed IPA. Is there some way/reason for me
Yup, It's just the text string. I don't know how much this matters but when
I ran the start-tracking for the ipaCert it didn't generate a new
certificate. I'm still working off of serial number 7, which is what it's
been since we installed IPA. Is there some way/reason for me to generate a
whole
Adam Lewis wrote:
If you mean the usercertificate value from the ldapsearch command, then
yes. That value matches the value from the certutil output.
The usercertificate in LDAP had the BEGIN/END stripped, right?
I'll cc a couple of the dogtag developers to see what they think.
rob
Thanks
If you mean the usercertificate value from the ldapsearch command, then
yes. That value matches the value from the certutil output.
Thanks
On Mon, Aug 1, 2016 at 11:18 AM, Rob Crittenden wrote:
> Adam Lewis wrote:
>
>> A quick update. We did some digging on the segfault
Adam Lewis wrote:
A quick update. We did some digging on the segfault problem and I think
it was due to having to update the trusts on the CA cert. So we updated
the certmonger package and certmonger now starts again.
However we're kind of back to square one where we are still getting the
A quick update. We did some digging on the segfault problem and I think it
was due to having to update the trusts on the CA cert. So we updated the
certmonger package and certmonger now starts again.
However we're kind of back to square one where we are still getting the
AUTH_FAIL messages in the
Rob,
Thanks for pointing me in the right direction. However after following the
instructions in the above mentioned doc I noticed a few things that are odd
and have a new problem. The first odd thing I noticed is that when I run
service pki-cad status it shows that my PKI Subsystem Type is "CA
Lewis, Adam M CIV NSWCDD, H11 wrote:
We are currently dead in the water. Our OCSP, CA Audit, CA Subsystem, and IPA
RA certs expired as of 7/23/16. I found and followed the instructions to the
letter
On Tue, 2013-02-19 at 14:38 -0700, Orion Poplawski wrote:
This is a followup to some previous discussions. I have been lobbying to
keep
(and fix) the ability to install your own certificates when configuring IPA
in
order to make use of wildcard SSL certificates. But it seems this will
On 02/19/2013 03:10 PM, Simo Sorce wrote:
On Tue, 2013-02-19 at 14:38 -0700, Orion Poplawski wrote:
This is a followup to some previous discussions. I have been lobbying to keep
(and fix) the ability to install your own certificates when configuring IPA in
order to make use of wildcard SSL
Orion Poplawski wrote:
On 02/19/2013 03:10 PM, Simo Sorce wrote:
On Tue, 2013-02-19 at 14:38 -0700, Orion Poplawski wrote:
This is a followup to some previous discussions. I have been
lobbying to keep
(and fix) the ability to install your own certificates when
configuring IPA in
order to make
On 02/19/2013 05:42 PM, Rob Crittenden wrote:
Orion Poplawski wrote:
On 02/19/2013 03:10 PM, Simo Sorce wrote:
On Tue, 2013-02-19 at 14:38 -0700, Orion Poplawski wrote:
This is a followup to some previous discussions. I have been
lobbying to keep
(and fix) the ability to install your own
On 02/19/2013 07:31 PM, Dmitri Pal wrote:
IMO this should eventually help
https://fedoraproject.org/wiki/Features/SharedSystemCertificates
Once this is solved the right certs can probably be delivered via
OpenLMI or SSSD so rather than using already distributed certs it would
be possible to
17 matches
Mail list logo