IPA server: RHEL 7.2, ipa ping = "IPA server version 4.2.0. API version 2.156"
In order to use LDAP through a load balancer, I added an alternative DNS name to the IPA server certificate:

    ipa-getcert resubmit -i <id> -D newname.differentdomaine.net

It all seemed well: the extra name was entered into the certificate (expiration day 2018-04-27 12:20:55 UTC), and I can access LDAPS through the load balancer.

But in /var/log/dirsrv/slapd-*/access I see a lot of "SSL peer cannot verify your certificate", and cert operations are gone:

    idm1:~$ ipa cert-find
    ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (Internal Server Error)

Does anybody have an idea of what I missed?

Kind regards,
Bjarne Blichfeldt
Infrastructure Services
JN Data A/S