Hi guys,
I have successfully installed an external CA certificate for
https/LDAP, but now I get this on my ipa-commands:
ipa domainlevel-get
ipa: ERROR: cert validation failed for
"CN=*.mysubdomain.ipa.mydomain.tld,OU=PositiveSSL Wildcard,OU=Domain
Control Validated" ((SEC_ERROR_UNTRUSTED_ISSUER)

Hi Rob:
First I wanted to thank you for all of your valuable input/tips. As you well
know, everything about certs, certmonger, dogtag and FreeIPA can get very
complicated - there’s no easy answer, so many things can go wrong :)
But, your answers to my questions got me thinking, gave me some cl

Hi Pavel:
Yes, my httpd logs were flooded with cert errors from hosts trying to renew
bogus certs.
How 100 or so out of 1000 hosts ended up with certs that were not valid is
unknown at this time but using Ansible I cleaned all those up and it looks like
I’m in good shape now.
Here’s the playb