Re: [Freeipa-users] IPA active-active node failure

2016-06-27 Thread Rob Crittenden
Auerbach, Steven wrote: We have an active-active dual-node IPA. The second node stopped accepting logins thru the Web GUI. I rebooted the server. Now it is really botched. Directory service will not restart: # service ipa restart Restarting Directory Service Shutting down dirsrv:

Re: [Freeipa-users] nss unrecognized name alert with SAN name

2016-06-27 Thread Rob Crittenden
John Obaterspok wrote: 2016-06-27 11:05 GMT+02:00 Lukas Slebodnik >: On (26/06/16 20:37), John Obaterspok wrote: >Hi, > >I've been running F23 + mod_nss 1.0.14-1 for months to get SubjectAltName >to work. >F24 update

Re: [Freeipa-users] Replace with 3rd part certificates

2016-06-27 Thread Günther J . Niederwimmer
Hello, On Monday, 27 June 2016, 12:43:13 CEST, Bjarne Blichfeldt wrote: > For the time being and as far as I can see until IPA 4.3.1, the procedure is > messy and difficult. The following thread will be a big help: > https://www.redhat.com/archives/freeipa-users/2016-January/msg00223.html > >

[Freeipa-users] IPA active-active node failure

2016-06-27 Thread Auerbach, Steven
We have an active-active dual-node IPA. The second node stopped accepting logins thru the Web GUI. I rebooted the server. Now it is really botched. Directory service will not restart: # service ipa restart Restarting Directory Service Shutting down dirsrv: domain-LOCAL... server already

[Freeipa-users] updating certificates

2016-06-27 Thread jcnt
Greetings, About a year ago I installed my freeipa server with certificates from startssl using command line options --dirsrv-cert-file --http-cert-file etc. The certificate is about to expire, what is the proper way to update it in all places? -- Josh. -- Manage your subscription for the

Re: [Freeipa-users] disaster recovery

2016-06-27 Thread Martin Basti
On 26.06.2016 08:17, Robert Story wrote: Hello, I was running a single ipa instance on Centos 7 for a small lab (ipa-server-4.2.0-15.0.1.el7.centos.17.x86_64), and the disk was corrupted. I have a (mostly) full backup (/var/log/ and /var/run/ excluded), which I restored. ipa server didn't

Re: [Freeipa-users] Replace with 3rd part certificates

2016-06-27 Thread Bjarne Blichfeldt
For the time being and as far as I can see until IPA 4.3.1, the procedure is messy and difficult. The following thread will be a big help: https://www.redhat.com/archives/freeipa-users/2016-January/msg00223.html I think I succeeded at last, but further tests remain. Regards, Bjarne

Re: [Freeipa-users] disaster recovery

2016-06-27 Thread Robert Story
On Mon, 27 Jun 2016 08:09:59 +0200 Martin wrote: MB> On 26.06.2016 08:17, Robert Story wrote: MB> > Hello, MB> > MB> > I was running a single ipa instance on Centos 7 for a small lab MB> > (ipa-server-4.2.0-15.0.1.el7.centos.17.x86_64), and the disk was corrupted. MB> > I have a (mostly) full

Re: [Freeipa-users] nss unrecognized name alert with SAN name

2016-06-27 Thread John Obaterspok
2016-06-27 11:05 GMT+02:00 Lukas Slebodnik : > On (26/06/16 20:37), John Obaterspok wrote: > >Hi, > > > >I've been running F23 + mod_nss 1.0.14-1 for months to get SubjectAltName > >to work. > >F24 update brings back mod_nss to 1.0.12-4 and now SubjectAltName doesn't > >work

Re: [Freeipa-users] nss unrecognized name alert with SAN name

2016-06-27 Thread Lukas Slebodnik
On (26/06/16 20:37), John Obaterspok wrote: >Hi, > >I've been running F23 + mod_nss 1.0.14-1 for months to get SubjectAltName >to work. >F24 update brings back mod_nss to 1.0.12-4 and now SubjectAltName doesn't >work any more. Is there any chance 1.0.14 will make it in as an F24 update? >(I can

[Freeipa-users] 3th Party Certificate

2016-06-27 Thread Günther J . Niederwimmer
Hello Professional, what is the minimum when I like to replace the private Certificates? Must I have a Class2 wild card Certificate? Have I to reinstall IPA, I mean no? When I read all correct, this is working. Have any hints for this scenario Thanks for an answer, -- mit freundlichen

[Freeipa-users] Replace with 3rd part certificates

2016-06-27 Thread Andreas Ladanyi
Hi, I try to replace the self signed certificate from the ipa installation with this description: http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP ipa-server-certinstall -w -d mysite.key mysite.crt The tool asks for the private key unlock password. The private key was