On 12/12/2009 12:50 AM, jose mora wrote:
hello
how is everyone doing?
I do have a request, can you help me Deploying FreeIPA?
I would apreciate any kind of help
thank you for your time
Jose Mora
We would like to help you but first you need to tell us what you need
help with.
--
John Dennis
in the administration interface
we provide we should fix it. Please note that v2 of FreeIPA has been
under heavy development and the web GUI has received a lot of attention
for the next release and whatever you're missing might have already been
taken care of.
--
John Dennis jden...@redhat.com
are currently working on version 2.0 of FreeIPA and we've been
releasing test releases.
IPA 2.0 is due to ship in RHEL 6.1.
We are alive, well, and very much kicking :-)
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
NSS entry points. It properly (or
so I hope) handles all the variants (which are numerous) including
ia5string.
We should converge on using NSS for everything, the update will get us a
lot closer to that goal.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com
haven't fully understood your request. So let me rephrase
it and see if I have it correct. You want something on your network
which speaks the TACAS+ protocol but whose identity management is backed
by our IPA server. Is that correct?
--
John Dennis jden...@redhat.com
Looking to carve out IT costs
to utilize IPA as it's back end. We would be
happy to answer any questions for the person(s) who wanted to undertake
this and contribute their work.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
to fix the use of IA5.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
updates-devel edit /etc/yum.repos.d/fedora-updates.repo and
make sure the enabled value is 1, e.g.
enabled=1
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users
additions.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
expecting it shortly.
I would recommend you install the new curl version from F15 updates and
I'll appraise you of the status of xmlrpc-c in the morning.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
On 08/09/2011 12:06 AM, John Dennis wrote:
I believe the fix was incorporated into this RPM, curl-7.21.3-9.fc15 and
was pushed into the stable update at 2011-08-09 01:29:07
xmlrpc-c is dependent on libcurl and is utilized by IPA. I do not
believe there is new version of xmlrpc-c built against
On 10/05/2011 09:44 AM, Dmitri Pal wrote:
On 10/04/2011 11:14 AM, John Dennis wrote:
On 10/04/2011 10:50 AM, Jimmy wrote:
I've been searching and see a few references to freeRADIUS used with
FreeIPA, but I don't see any substantial information on the subject. Is
there a procedure to use
are dangling. If so adjust
the link to point to it's new location.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo
On 11/17/2011 01:40 PM, Alexander Bokovoy wrote:
On Thu, 17 Nov 2011, John Dennis wrote:
My guess is this is due to the fact these jars changed their location. The
symlinks to the jars are established by pkicreate. We have a bug open to
enchance pkicreate (or add a new tool) which will adjust
(Request for Enhancement) on
https://fedorahosted.org/freeipa/
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo
to DER. There should be an existing utility to do it. If not it's as
simple as taking the text between the PEM delimiters and base-64
decoding it.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
that and ran it through a base64 decoder you'd have DER
format. You can't get DER directly right now. We could probably add
an option to write a file in DER format if you wanted to open an RFE
on our trac instance.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com
the repo while it's being populated so
on occasion you may see some odd failures if you happen to hit it while
it's updating.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
yum is somehow
confused.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
an
explanation.
John
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
these enctypes? Is it to satify forwarding/proxy
when you don't know a prori which enctype the foreign endpoint will require?
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa
) enctype. This is so that a client can use the
strongest enctype it has crypto support for.
Sure, that makes sense. But this is new behavior, what changed?
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
to the
ipa-and-samba-team-automation list, you can subscribe if you wish.
Archives of the automation list can be found here:
http://post-office.corp.redhat.com/archives/ipa-and-samba-team-automation
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
/
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
What are you trying to accomplish? In IPA 2.2 you can log onto the web
UI without a kerberos ticket by using password based auth, thus the web
UI no longer requires a kerberos ticket. This applies only to the web
UI, not other IPA components (at the moment).
John
--
John Dennis jden
On 04/03/2012 05:58 PM, Steven Jones wrote:
So how do I login without a kerberos ticket?
See attached screenshot snippets
From: John Dennis [jden...@redhat.com]
Sent: Wednesday, 4 April 2012 9:52 a.m.
To: Steven Jones
Cc: Petr Spacek; freeipa-users
. Click on the logout and you will be
logged out and then you can log back in as someone else.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https
On 04/03/2012 09:17 PM, Steven Jones wrote:
My gui doesnt have the logout button.
:(
It will :-) It's a new feature, currently in beta.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa
if getaddrinfo is not available)
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 04/30/2012 03:54 AM, Petr Spacek wrote:
On 04/27/2012 02:43 PM, John Dennis wrote:
On 04/27/2012 04:45 AM, Petr Spacek wrote:
On 04/26/2012 11:42 PM, Simo Sorce wrote:
On Thu, 2012-04-26 at 21:18 +, Steven Jones wrote:
Hi,
FYI,
I shutdown IPv6 as we dont do IPv6 and found that IPA
needs
to be setup separately with lot of pain.
Absolutely, the pain threshold of setting those component up and getting
them to play together is high. One of the primary design goals of
FreeIPA is to eliminate those pain points so you can focus on
administrating your user base.
--
John Dennis
for managing
session timeouts. It wouldn't be too hard to expand this to time how
long it takes a command to execute because it's evaluated for every
command. Combined with timestamping in the UI code we could get a
reasonable idea of where some bottlenecks lie (or don't).
--
John Dennis jden
200 Success application/json jquery.js:7365
Script 46.93KB 46.38KB 1.52s 1.51s (1.40s waiting)
Steve
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
John Dennis jden...@redhat.com
process will be applied the
next time you visit the web UI.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo
, hosts, etc. to groups. Then use group
membership to control how a particular group of users behaves. It's easy
to automate group membership via automember.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
protocols. IPA also makes sure strong
encryption is utilized for those tunnels. Strong authentication is also
required at the endpoints of those tunnels.
It really wouldn't make much sense to design an authentication and
security manager that itself wasn't secure :-)
--
John Dennis jden
Thanks for the contribution Chris!
Just as an aside if you know Python you can call the IPA commands
directly and use Python to extract and reformat the data, it might be a
lot simpler than doing the bash/awk dance.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs
is it the correct host? If not then
the server will assume it's co-located on the same machine. Is your CA
on the same machine as your IPA server?
One other thing to check, is the CA running? Do an ipactl status to
verify or an ipactl restart.
--
John Dennis jden...@redhat.com
Looking to carve out
/httpd/error_log which may have more detailed messages
indicating where things might be going wrong.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
. Do you see any errors in the log files
found under /var/log/pki-ca?
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman
? If not can you locate jss4.jar? Is it now under
/var/lib64/java? If so adjust the symbolic link under
/var/lib/pki-ca/common/lib to point to it. Do thinks work now after
restarting?
John
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
a bug at this point, but perhaps we need to
pay attention and see if anyone else gets bitten by this.
John
*From:* John Dennis jden...@redhat.com
*To:* a...@redhat.com
*Cc:* george he george_...@yahoo.com
the versions of the relevant packages, that would have been
helpful. In any event I would make sure all your packages are up to date.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
)?
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
2012 18:32:05'
Sorry, someone else will have to help you with the below:
ipa: ERROR: Cannot perform join operation without Samba 4 support installed.
Make sure you have installed
server-trust-ad sub-package of IPA
but I have the server-trust-ad installed:--
John
On 12/18/2012 03:30 PM, Sumit Bose wrote:
On Tue, Dec 18, 2012 at 03:16:47PM -0500, John Dennis wrote:
On 12/18/2012 01:26 PM, Andre Rodrigues wrote:
Hi all,
I'm testing AD trust following this how to:
http://www.freeipa.org/page/IPAv3_testing_AD_trust
but when I set ipa dnszone-add I get
On 12/19/2012 05:50 AM, Sumit Bose wrote:
On Wed, Dec 19, 2012 at 09:13:21AM +0100, Petr Spacek wrote:
On 12/18/2012 09:56 PM, John Dennis wrote:
ipa: ERROR: unable to parse cookie header
'ipa_session=f963e8e4006fdcd79e1a2a5a989b4d01; Domain=IPA.DOMAIN;
Path=/ipa; Expires=Thu, 18 Dec 2012 13
On 12/19/2012 01:10 PM, Andre Rodrigues wrote:
Thank you all for the answers..
I noticed that I had installed freeipa with incorrect parameters, so I
reinstalled freeipa and I think now default.conf is correct.
answering some questions:
On 12/18/2012, John Dennis wrote:
Please provide
a patched RPM.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 01/11/2013 03:10 PM, Dmitri Pal wrote:
On 01/10/2013 11:00 AM, John Dennis wrote:
On 01/10/2013 08:15 AM, Petr Spacek wrote:
Hello,
is there any user of CSV support built-in to IPA administration tools
(ipa
command)? Do you consider it sane or even useful? Please reply.
I've always
On 01/11/2013 03:52 PM, Dmitri Pal wrote:
On 01/11/2013 03:27 PM, John Dennis wrote:
On 01/11/2013 03:10 PM, Dmitri Pal wrote:
On 01/10/2013 11:00 AM, John Dennis wrote:
On 01/10/2013 08:15 AM, Petr Spacek wrote:
Hello,
is there any user of CSV support built-in to IPA administration tools
On 01/12/2013 06:52 AM, Umarzuki Mochlis wrote:
2013/1/12 John Dennis jden...@redhat.com:
1) Download the source rpm matching the version you have installed, add the
patch, rebuild the rpm locally, install the locally built rpm.
how do i 'add the patch' to source rpm? any documentation that i
only in a very
constrained scenario, it is not a general solution. The FreeRADIUS list
is filled with folks attempts to force an Auth-Type in the users file
only to discover their woes.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
On 01/18/2013 10:13 AM, John Dennis wrote:
On 01/18/2013 09:31 AM, Han Boetes wrote:
In the users file
DEFAULT Auth-Type = Kerberos
Service-Type = NAS-Prompt-User, cisco-avpair = shell:priv-lvl=15
Be careful!
It's almost never a good idea to set the Auth-Type in the user config
and it
completes within a few seconds is that real time?
John
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
, etc.
Things like adding a user, or adding a user to a group are not compute
intensive and should execute quickly. For your intended use I don't see
any issues with the elapsed time for command execution.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com
it.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
to read.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
On 02/05/2013 01:40 PM, Thomas Sailer wrote:
On 02/05/2013 06:32 PM, John Dennis wrote:
% ipactl status
# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
pki-cad Service: RUNNING
ipa: INFO: The ipactl
everything you've said so far you imply
it does provide such hooks. Perhaps if you could be more specific we
could be more helpful.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing
this).
Then our config would have a LMTP domain socket pathname, if that
pathname exists and we can connect to it we use, if not we fallback to
not generating any mail.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
are automatically created when you install the
package. Thus there is little point in trying to manage them. If you
find yourself with a need to manage them step back and ask yourself why.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
The example cited was the apache user, a system daemon. For system users
bound to system daemons I stand by what I said. If you want to talk
about other system users not bound to a daemon than state that rather
than confusing the issue.
--
John Dennis jden...@redhat.com
Looking to carve out
On 02/15/2013 01:35 PM, Rob Crittenden wrote:
John Dennis wrote:
The example cited was the apache user, a system daemon. For system users
bound to system daemons I stand by what I said. If you want to talk
about other system users not bound to a daemon than state that rather
than confusing
On 02/15/2013 01:39 PM, Orion Poplawski wrote:
On 02/15/2013 11:38 AM, John Dennis wrote:
On 02/15/2013 01:35 PM, Rob Crittenden wrote:
John Dennis wrote:
The example cited was the apache user, a system daemon. For system users
bound to system daemons I stand by what I said. If you want
users groups managed via some other mechanism (puppet?).
I'm not sure this issue has come up before, it does present some
interesting issues.
John
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
. But the part of
the requirement is not to have non-humans show up in every client (e.g.
mail clients) that support LDAP directory lookups. That means they have
to modify the filter on every client. That's a tall order :-(
--
John Dennis jden...@redhat.com
Looking to carve out IT costs
On 02/15/2013 03:57 PM, Orion Poplawski wrote:
On 02/15/2013 01:56 PM, John Dennis wrote:
On 02/15/2013 03:46 PM, Simo Sorce wrote:
This is an interesting use case, it would probably be appropriate to
have a RFE filed to allow to create ipa users marked as 'non-person' so
On 02/15/2013 04:16 PM, Orion Poplawski wrote:
On 02/15/2013 02:02 PM, John Dennis wrote:
On 02/15/2013 03:57 PM, Orion Poplawski wrote:
On 02/15/2013 01:56 PM, John Dennis wrote:
On 02/15/2013 03:46 PM, Simo Sorce wrote:
This is an interesting use case, it would probably be appropriate
On 02/15/2013 04:54 PM, Orion Poplawski wrote:
On 02/15/2013 02:34 PM, John Dennis wrote:
On 02/15/2013 04:16 PM, Orion Poplawski wrote:
Hmm, that is the filter in TB for me too, but:
[15/Feb/2013:11:17:21 -0700] conn=931 op=1 SRCH
base=ou=people,dc=nwra,dc=com scope=2
filter=(|(mail
install interactively?
Is the realm EXAMPLE.COM really correct?
Are you able to do a kinit for ipa-b...@example.com on the client
successfully?
Are your kerberos ports open?
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
for obvious problems.
HTH,
I forget the exact version you're running on which OS. If the above is
not specific enough we can get the dogtag folks to jump in.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
. This FAQ entry
from cacert will help clarify:
http://wiki.cacert.org/SubRoot
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com
were not consistent with whether we used str's or unicode objects and it
was handy to know the difference, it's not so much of an issue any more.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts
On 02/28/2013 05:34 PM, KodaK wrote:
On Thu, Feb 28, 2013 at 3:27 PM, John Dennis jden...@redhat.com wrote:
On 02/28/2013 04:18 PM, KodaK wrote:
When performing an operation with the IPA tools, I get a message every
time similar to this:
ipa: INFO: Forwarding 'hbactest' to server u'https
On 03/01/2013 03:17 PM, KodaK wrote:
On Thu, Feb 28, 2013 at 5:01 PM, John Dennis jden...@redhat.com wrote:
On 02/28/2013 05:34 PM, KodaK wrote:
BTW, why are you parsing diagnostic output?
I haven't actually started yet, I was just getting my bearings.
I was going to wrap the commands
On 03/01/2013 04:01 PM, John Dennis wrote:
On 03/01/2013 03:17 PM, KodaK wrote:
On Thu, Feb 28, 2013 at 5:01 PM, John Dennis jden...@redhat.com wrote:
On 02/28/2013 05:34 PM, KodaK wrote:
BTW, why are you parsing diagnostic output?
I haven't actually started yet, I was just getting my
restarted httpd on aurora?
What are the contents of /etc/httpd/conf.d/ipa.conf?
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https
.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa
should just work. Please let us
know if it doesn't. I'm not surprised we still have some IPv6 bumps to
smooth out, it doesn't get exercised as much as IPv4. FWIW we fully
expect IPv6 enabled systems to be dual stack.
--
John Dennis jden...@redhat.com
Looking to carve out IT costs?
www.redhat.com
from a shell
script or you can write your own Python scripts and invoke the IPA API
directly. Be careful though, the type of operations you've described all
require administrator privileges, it's not something a general user can do.
--
John Dennis jden...@redhat.com
Looking to carve out
On 09/03/2013 12:51 AM, Jason Prouty wrote:
I have IPA-server installed and working for my linux servers
I have several cisco Routers 2821 and juniper FW that I would like to
authenticate against IPA.
I have a free radius .schema file.
First you have to tell us what authentication
On 09/04/2013 05:41 PM, Jason Prouty wrote:
I have the radius.schema file how do I add that into my ldap schema on
IPA server.
I see several ldif files /etc/dirsrv/instance/schema but they are ldif
files
If I can extend my schema integration to free radius should be easy.
Is there a
On 09/05/2013 02:29 AM, Dmitri Pal wrote:
On 09/05/2013 12:38 AM, Jason Prouty wrote:
This is the AV-Pair I would like to implement to pass back to radius.
dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusObjectProfile
objectClass: radiusprofile
cn: priv-15
On 09/18/2013 01:53 PM, mees virk wrote:
I do not have a valid support contract, or other contracts with RedHat.
Doesn't that stop me from opening proper RFE ticket?
In any case, my interest was this time solely for evaluation purposes.
If I were actively choosing an integrated identity
On 09/23/2013 07:19 AM, Arturo Borrero wrote:
Hi there!
FreeIPA WebUI in spanish has some annoyances in how the text is showed.
http://img545.imageshack.us/img545/9016/9eur.png
We would like to switch from spanish to standar english in the WebUI.
Could anyone please point me in the
On 09/23/2013 07:55 AM, John Dennis wrote:
On 09/23/2013 07:19 AM, Arturo Borrero wrote:
Hi there!
FreeIPA WebUI in spanish has some annoyances in how the text is showed.
http://img545.imageshack.us/img545/9016/9eur.png
We would like to switch from spanish to standar english in the WebUI
On 11/08/2013 04:56 AM, Petr Viktorin wrote:
On 11/08/2013 09:01 AM, Martin Kosek wrote:
Thanks for heads up. You mean by the difference between O=MW and
O=MELTWATER.COM?
Petr, is this possible? Can it be validated in the the installer if this is
the
root cause?
Thats a good question.
On 11/12/2013 11:36 AM, Rob Crittenden wrote:
This is basically what I saw too. I'm waiting on someone from the NSS
team to get back to me. This must have something to do with the way that
OpenSSL validates certs vs NSS. Apparently NSS is being more picky but I
don't know why yet.
FWIW the
On 11/14/2013 03:29 AM, Andrea Bontempi wrote:
I did some tests: The error occurs when I use a CA managed by EJBCA,
if I use a CA generated by openssl or nss everything works properly.
The problem is that i can't reproduce the bug in an external nss
db... but maybe I don't follow the same
On 11/14/2013 08:56 AM, Rob Crittenden wrote:
Andrea Bontempi wrote:
This is incorrect. To validate a certificate you only need the CA public
keys, not the private ones. Only having the ipa-ca-agent key is right.
This is a temporary database, not the CA database. We are using this
cert to
92 matches
Mail list logo