On 11/11/2014 02:47 PM, Natxo Asenjo wrote:
> hi,
>
> On Tue, Nov 11, 2014 at 2:13 PM, Martin Kosek <mko...@redhat.com> wrote:
>
>> I meant IPA server running on RHEL/CentOS 6.5 or older... This is the one that
>> can regenerate CAcert entry without double encoding.
>
> ok.
>
> So I removed the cacert object and ran
>
> ipa-ldap-updater --upgrade --ldapi
>
> (it does not know the --quiet switch in this version). And now in the
> apache directory studio I see the value of the attribute is X509v3:
> CN=Certificate Authority, O=DOMAIN.TLD

Ah, looks good.

> So that's fixed. But certmonger on the client still gives me the same error
>
> Could I send you the full log of certmonger privately (1.1M)?

Sure. Though Nalin (CCed) would be a better candidate as he is knowledgeable about certmonger internals.

Martin