Re: [Freeipa-users] ipalib: SEC_ERROR_UNTRUSTED_ISSUER

2016-11-08 Thread Alessandro De Maria
rit...@redhat.com> wrote: > Alessandro De Maria wrote: > > Hello Martin, > > > > still no luck unfortunately. > > > > The client is an ubuntu 14.04 server, and I believe it is enrolled > already. > > > > The /etc/ipa/ca.pem is correct and already in

Re: [Freeipa-users] ipalib: SEC_ERROR_UNTRUSTED_ISSUER

2016-11-08 Thread Alessandro De Maria
o I need to restart some components? Any log I could look into? Thank you On 8 November 2016 at 07:56, Martin Babinsky <mbabi...@redhat.com> wrote: > On 11/07/2016 04:45 PM, Alessandro De Maria wrote: > >> Hi Martin, >> >> I tried from the host I am executing the scrip

Re: [Freeipa-users] ipalib: SEC_ERROR_UNTRUSTED_ISSUER

2016-11-07 Thread Alessandro De Maria
? can I copy it, or is there a way to regenerate it? Regards Alessandro On 7 November 2016 at 15:36, Alessandro De Maria < alessandro.dema...@gmail.com> wrote: > Hi Martin, this is the output from the id1 host: > > certutil -L -d /etc/httpd/alias/ > > Certificate Nickname

Re: [Freeipa-users] ipalib: SEC_ERROR_UNTRUSTED_ISSUER

2016-11-07 Thread Alessandro De Maria
On 11/04/2016 04:52 PM, Alessandro De Maria wrote: > >> Hello, >> >> I have a FreeIPA installation that is working very nicely, we already >> have configured many hosts and so far we are quite happy with it. >> >> I was trying to connect Ansible to fetch h

[Freeipa-users] ipalib: SEC_ERROR_UNTRUSTED_ISSUER

2016-11-04 Thread Alessandro De Maria
>.****.com/ipa/json* If I curl the URL, it works just fine ( I imported the CA Certificate in the system directory /etc/ssl/certs). I have run `openssl s_client` connect and downloaded the remote certificate locally, then I run: # openssl verify cert.pem # *id1.prod.**xxxx**.com

[Freeipa-users] IP SAN in certificates

2016-10-07 Thread Alessandro De Maria
ss: Subject alt > name type IP Address is forbidden). I believe FreeIPA does not currently support IPs as the SAN of a certificate. Is this still the case? Is there a workaround? Regards Alessandro -- Alessandro De Maria alessandro.dema...@gmail.com

Re: [Freeipa-users] Error looking up public keys

2016-10-06 Thread Alessandro De Maria
The workaround worked thank you! On 6 Oct 2016 5:09 pm, "Sumit Bose" <sb...@redhat.com> wrote: > On Thu, Oct 06, 2016 at 03:48:10PM +0100, Alessandro De Maria wrote: > > Hello, > > > > We are moving some of our servers to use 16.04 and for all new install

[Freeipa-users] Error looking up public keys

2016-10-06 Thread Alessandro De Maria
/org/freedesktop/sssd/service (Thu Oct 6 15:42:20 2016) [sssd[ssh]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit Could you help me understand what is the issue with it? Regards Alessandro -- Alessandro De Maria alessandro.dema...@gmail.com

Re: [Freeipa-users] User certificate workflow

2016-03-18 Thread Alessandro De Maria
Fantastic thank you! On 16 Mar 2016 12:21 a.m., "Fraser Tweedale" <ftwee...@redhat.com> wrote: > On Tue, Mar 15, 2016 at 09:39:12AM +0000, Alessandro De Maria wrote: > > Thank you Martin that's very helpful. > > > > The annoying thing about c

Re: [Freeipa-users] User certificate workflow

2016-03-15 Thread Alessandro De Maria
at 08:50, Martin Babinsky <mbabi...@redhat.com> wrote: > On 03/15/2016 08:39 AM, Alessandro De Maria wrote: > >> Hello, >> >> I would like to have authenticated users to upload a csr request and >> have their certificate automatically signed. Their certificate wo

Re: [Freeipa-users] OTP not working since upgrade

2016-02-28 Thread Alessandro De Maria
Solved. This turned out to be the ipa-otp process stuck on one of the 2 servers. The VPN requests were being sent to the other server, which was working fine. A simple restart of ipa fixed it. Regards On 28 February 2016 at 23:17, Alessandro De Maria < alessandro.dema...@gmail.com>

[Freeipa-users] OTP not working since upgrade

2016-02-28 Thread Alessandro De Maria
creating a new one. Strangely enough I can connect OK with the VPN supplying password + OTP, but OTP is not working on both freeipa gui and when issuing sudo. Could someone help me understand what is going on? Regards Alessandro -- Alessandro De Maria alessandro.dema...@gmail.com

Re: [Freeipa-users] Unable to get new certificates after upgrade

2016-02-27 Thread Alessandro De Maria
I re-run the upgrade script and that fixed it. Thank you very much Alexander! On 27 February 2016 at 21:46, Alessandro De Maria < alessandro.dema...@gmail.com> wrote: > Yes that looks exactly like it, thank you. > Are you aware of a workaround available? Like changing manuall

Re: [Freeipa-users] Unable to get new certificates after upgrade

2016-02-27 Thread Alessandro De Maria
Yes that looks exactly like it, thank you. Are you aware of a workaround available? Like changing manually the CS.cfg? On 27 February 2016 at 21:40, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Sat, 27 Feb 2016, Alessandro De Maria wrote: > >> great that explain

Re: [Freeipa-users] Unable to get new certificates after upgrade

2016-02-27 Thread Alessandro De Maria
e I know) But thank you this is already very helpful. I hope I can find some other pointed to understand my issue then. Regards Alessandro On 27 February 2016 at 21:25, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Sat, 27 Feb 2016, Alessandro De Maria wrote: > >>

[Freeipa-users] Unable to get new certificates after upgrade

2016-02-27 Thread Alessandro De Maria
etry: 4001 (RPC failed at server. caIPAserviceCert: Certificate Profile not found* Could someone help me out please? I noticed that 4.2.3 is out with important bug fixes, is there a repository out there with Centos rpms? Regards Alessandro -- Alessandro De Maria alessandro.dema...@gmail.com