> On Fri, Mar 06, 2020 at 08:09:59AM -0000, Hristina Marosevic wrote: > > Hi, > > this looks like some progress. Please check p11_child.log which might > contain detail why SSSD thinks the certificate is not valid. By default > SSSD will check the certificate with the help of the CA certificates and > does OCSP if the certificate contains the needed OCSP data. > > To disable OCSP, since your system cannot reach the OCSP responder, > please add > > certificate_verification = no_ocsp > > to the [sssd] section of sssd.conf and restart SSSD. For testing you can > even use 'no_verification' but this is should not be used in production > (see man sssd.conf for details). > > Which version of SSSD are you using? Depending on the version you might > have to add the CA certificates to different locations, please check the > 'ca_db' option described in man sssd.conf for details as well. > > bye, > Sumit
Can you please check the comment bellow? (I didn't quote your text there, so I am not sure if you got a notification for my comment) BR, Hristina _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
