Rob,
Sorry for the late response. I tried the following:
[root@etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n Go Daddy Class 2
Certification Authority - ValiCert, Inc. -t CT,,
[root@etc]# certutil -M -d /etc/dirsrv/slapd-EXAMPLE-COM/ -n Go Daddy Secure
Certification Authority
John Moyer wrote:
I don't know if this helps, but this is the log I'm getting from the IPA
server's apache error log.
[Mon Jun 10 17:14:52 2013] [error] SSL Library Error: -12195 Peer does not
recognize and trust the CA that issued your certificate
Apache has its own certificate database in
On 06/10/2013 02:17 PM, John Moyer wrote:
I don't know if this helps, but this is the log I'm getting from the IPA
server's apache error log.
[Mon Jun 10 17:14:52 2013] [error] SSL Library Error: -12195 Peer does not
recognize and trust the CA that issued your certificate
Is this the same
Rob,
I think you had me look at that already. This is the output from
certutil on that:
[root@ ~]# certutil -d /etc/httpd/alias -L
Certificate Nickname Trust Attributes
Rob,
Do you mean doing this? If not let me know.
[root@pki]# ls -la
total 32
drwxr-xr-x 8 root root 4096 Jun 10 20:23 .
drwxr-xr-x 90 root root 4096 Jun 10 18:05 ..
drwxr-xr-x 6 root root 4096 Mar 4 22:22 CA
drwxr-xr-x 2 root root 4096 Jul 11 2012 java
lrwxrwxrwx 1 root root
John Moyer wrote:
Rob,
Do you mean doing this? If not let me know.
[root@pki]# ls -la
total 32
drwxr-xr-x 8 root root 4096 Jun 10 20:23 .
drwxr-xr-x 90 root root 4096 Jun 10 18:05 ..
drwxr-xr-x 6 root root 4096 Mar 4 22:22 CA
drwxr-xr-x 2 root root 4096 Jul 11 2012 java
Petr,
I changed both the host file (actually did that before emailing) and
now I have changed the DNS manually in LDAP. I restart ipa and it still fails
on DNS startup. It says the following (after I manually start everything
else)
May 29 13:16:15 ip- named[9076]: set up managed
John,
I see the following when I ran that first command.
sudo certutil -d /etc/httpd/alias -L -h internal
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Go Daddy Secure
On 29.5.2013 15:50, John Moyer wrote:
I changed both the host file (actually did that before emailing) and
now I have changed the DNS manually in LDAP. I restart ipa and it still fails
on DNS startup. It says the following (after I manually start everything else)
May 29 13:16:15
John Moyer wrote:
John,
I see the following when I ran that first command.
sudo certutil -d /etc/httpd/alias -L -h internal
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Rob,
MyIPA I believe was installed by IPA. I did everything you suggested,
the below is what it looks like now.
certutil -d /etc/httpd/alias -L -h internal
Certificate Nickname Trust Attributes
John Moyer wrote:
Rob,
MyIPA I believe was installed by IPA. I did everything you suggested,
the below is what it looks like now.
certutil -d /etc/httpd/alias -L -h internal
Certificate Nickname Trust Attributes
So unfortunately a rebuild would be less than optimal for me, lots of servers
and users. So I've tried Dmitri's idea of ldapi and I got the access to LDAP
now, however I may be going about this entire thing wrong. I created an LDIF
file that looks like this:
dn:
So I did that, and it executed perfectly (went back and checked that it did
indeed replace the value as expected). I got on the machine I was trying to
add and got this:
[root@ ~]# ipa-client-install --domain=example.com --server=server.example.com
--realm=EXAMPLE.COM -p builduser -w BLAH -U
John Moyer wrote:
So I did that, and it executed perfectly (went back and checked that it did
indeed replace the value as expected). I got on the machine I was trying to
add and got this:
[root@ ~]# ipa-client-install --domain=example.com --server=server.example.com
--realm=EXAMPLE.COM -p
Dmitri,
Here are the corresponding answers, thanks for the quick response.
1. ipa-client-3.0.0-26.el6_4.2.x86_64
2.
[root@ ~]# ipa-client-install --domain=digitalreasoning.com
--server=ipa1.corp.digitalreasoning.com --realm=EXAMPLE.COM -p builduser -w
BLAH -U
Hostname: client.example.com
16 matches