How are you issuing the certs for the clients? Are they signed by the same
certificate chain that signed the IPA certificate? Did you install the CA
certificate chain as trusted CA on the clients?
On Thu, Jul 13, 2017 at 2:27 AM, Jeff Fouchard via FreeIPA-users <
On Wed, Jul 12, 2017 at 05:37:54PM +0200, Karl Forner via FreeIPA-users wrote:
> Hello,
>
> I'm getting desperate, I'm still unable to fix my expired certificates on
> my freeIPA master.
>
> Summary:
>
>- I discovered that my web ui SSL certificate had expired.
>- the certificate
Hello,
Today I realized that the https certificate for my freeipa web ui has
expired.
I tried to renew it using:
#ipa-cacert-manage renew
Renewing CA certificate, please wait
CA certificate successfully renewed
The ipa-cacert-manage command was successful
So it seemed to went well. I tried to
What was the IPA version you used? It might be not related, but when i upgraded
sssd to 1.15.2-5 ssh doesn't work for me neither on the FreeIPA server, nor on
the clients. What's more strange, getent passwd for AD users doesn't work for
the clients, although it works for the server.
I think the problem is that the web UI certificate is not tracked by
Certmonger.
I compared with my replica server which seems alright:
master server (with expired certificate):
# ipa-getcert list
Number of certificates and requests being tracked: 7.
Request ID '20150826135329':
status:
> On Thu, Jul 06, 2017 at 02:29:34PM -, bogusmaster--- via FreeIPA-users
> wrote:
>
>
> The ipa-client gets all its data from the IPA server and for efficiency
> the lookup on the server goes via the SSSD cache on the server.
>
> While on the client during authentication the user data is
The list was migrated to Fedora Hosted. (note the footer on messages and how
the posting address is @fedorahosted.org)
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/
- Original Message -
From: "John Morris via FreeIPA-users"
On 13 July 2017 at 00:48, bogusmaster--- via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> > On Thu, Jul 06, 2017 at 02:29:34PM -, bogusmaster--- via
> FreeIPA-users wrote:
>
> I have verified that hint. I've stopped sssd daemon, cleared the cache and
> started it back again.
Seems the mailing list archives stopped working in mid-May:
https://www.redhat.com/archives/freeipa-users/
John
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to