hiignore my last email,I ran list of certs, you can see I have 2 of auditSigningCert, what is this , do you know it?
certutil -L -d /var/lib/pki-ca/alias Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI subsystemCert cert-pki-ca u,u,Pu Server-Cert cert-pki-ca u,u,u auditSigningCert cert-pki-ca u,u,u caSigningCert cert-pki-ca CTu,Cu,Cu Server-Cert cert-pki-ca u,u,u auditSigningCert cert-pki-ca u,u,Pu ocspSigningCert cert-pki-ca u,u,Pu From: Rob Crittenden <rcrit...@redhat.com> To: mohammad sereshki <mohammadseres...@yahoo.com>; "freeipa-users@redhat.com" <freeipa-users@redhat.com> Sent: Friday, July 22, 2016 12:45 AM Subject: Re: [Freeipa-users] Freeipa-users Digest, Vol 96, Issue 125 mohammad sereshki wrote: > hi > I did some changes not I get below werror when I open HTTP service in > web interface What changes did you do? From a previous e-mail the problem is that the CA couldn't validate its own certificates. This is sometimes an issue with certificate trust. To look at it run: # certutil -L -d /var/lib/pki-ca/alias The auditSigningCert should have a trust of u,u,Pu. If it doesn't you can fix it with: # certutil -M -d /var/lib/pki-ca/alias -n 'auditSigningCert cert-pki-ca' -t u,u,Pu > Certificate operation cannot be completed: EXCEPTION (Certificate serial > number 0x276 not found) Do you have other CA masters (if not you should, but do that once things are stable)? rob > > > ------------------------------------------------------------------------ > *From:* "freeipa-users-requ...@redhat.com" > <freeipa-users-requ...@redhat.com> > *To:* freeipa-users@redhat.com > *Sent:* Thursday, July 21, 2016 11:38 PM > *Subject:* Freeipa-users Digest, Vol 96, Issue 125 > > Send Freeipa-users mailing list submissions to > freeipa-users@redhat.com <mailto:freeipa-users@redhat.com> > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.redhat.com/mailman/listinfo/freeipa-users > or, via email, send a message with subject or body 'help' to > freeipa-users-requ...@redhat.com <mailto:freeipa-users-requ...@redhat.com> > > You can reach the person managing the list at > freeipa-users-ow...@redhat.com <mailto:freeipa-users-ow...@redhat.com> > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeipa-users digest..." > > > Today's Topics: > > 1. Re: regenerate certificate (mohammad sereshki) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 21 Jul 2016 19:08:16 +0000 (UTC) > From: mohammad sereshki <mohammadseres...@yahoo.com > <mailto:mohammadseres...@yahoo.com>> > To: Rob Crittenden <rcrit...@redhat.com > <mailto:rcrit...@redhat.com>>, Florence Blanc-Renaud > <f...@redhat.com <mailto:f...@redhat.com>>, Freeipa-users > <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>> > Subject: Re: [Freeipa-users] regenerate certificate > Message-ID: > <1119368990.3296955.1469128096522.javamail.ya...@mail.yahoo.com > <mailto:1119368990.3296955.1469128096522.javamail.ya...@mail.yahoo.com>> > Content-Type: text/plain; charset="utf-8" > > and this is for catalina.out > > SEVERE: A web application created a ThreadLocal with key of type [null] > (value [com.netscape.cmscore.util.Debug$1@39139da8 <mailto:1@39139da8>]) > and a > value of type [java.text.SimpleDateFormat] (value > [java.text.SimpleDateFormat@d1b317c9 > <mailto:java.text.SimpleDateFormat@d1b317c9>]) but failed to remove it > when the web appli > cation was stopped. To prevent a memory leak, the ThreadLocal has been > forcibly removed. > Jul 21, 2016 11:10:10 PM org.apache.catalina.loader.WebappClassLoader > clearThreadLocalMap > SEVERE: A web application created a ThreadLocal with key of type [null] > (value [com.netscape.cmscore.util.Debug$1@39139da8 <mailto:1@39139da8>]) > and a > value of type [java.text.SimpleDateFormat] (value > [java.text.SimpleDateFormat@d1b317c9 > <mailto:java.text.SimpleDateFormat@d1b317c9>]) but failed to remove it > when the web appli > cation was stopped. To prevent a memory leak, the ThreadLocal has been > forcibly removed. > Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy > INFO: Stopping Coyote HTTP/1.1 on http-9180 > Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy > INFO: Stopping Coyote HTTP/1.1 on http-9443 > Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy > INFO: Stopping Coyote HTTP/1.1 on http-9445 > Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy > INFO: Stopping Coyote HTTP/1.1 on http-9444 > Jul 21, 2016 11:10:11 PM org.apache.coyote.http11.Http11Protocol destroy > INFO: Stopping Coyote HTTP/1.1 on http-9446 > Exception in thread "Timer-0" java.lang.NullPointerException > ??????? at com.netscape.certsrv.apps.CMS.getConfigStore(CMS.java:771) > ??????? at > com.netscape.cms.servlet.csadmin.LDAPSecurityDomainSessionTable.getSessionIds(LDAPSecurityDomainSessionTable.java:156) > ??????? at > com.netscape.cms.servlet.csadmin.SessionTimer.run(SessionTimer.java:33) > ??????? at java.util.TimerThread.mainLoop(Timer.java:555) > ??????? at java.util.TimerThread.run(Timer.java:505) > Jul 21, 2016 11:10:43 PM org.apache.catalina.core.AprLifecycleListener init > INFO: The APR based Apache Tomcat Native library which allows optimal > performance in production environments was not found on the > java.library.path: > /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib > Jul 21, 2016 11:10:43 PM org.apache.coyote.http11.Http11Protocol init > INFO: Initializing Coyote HTTP/1.1 on http-9180 > Warning: SSL ECC cipher "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" > unsupported by NSS. This is probably O.K. unless ECC support has been > installed. > Warning: SSL ECC cipher "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" > unsupported by NSS. This is probably O.K. unless ECC support has been > installed. > : > > > > From: mohammad sereshki <mohammadseres...@yahoo.com > <mailto:mohammadseres...@yahoo.com>> > To: Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>>; > Florence Blanc-Renaud <f...@redhat.com <mailto:f...@redhat.com>>; > Freeipa-users <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>> > Sent: Thursday, July 21, 2016 11:36 PM > Subject: Re: [Freeipa-users] regenerate certificate > > and below is for selftests.log > > 3971.main - [21/Jul/2016:16:20:13 IRDT] [20] [1] SelfTestSubsystem: > Running self test plugins specified to be executed at startup: > 3971.main - [21/Jul/2016:16:20:13 IRDT] [20] [1] CAPresence:? CA is present > 3971.main - [21/Jul/2016:16:20:13 IRDT] [20] [1] > SystemCertsVerification: system certs verification failure > 3971.main - [21/Jul/2016:16:20:13 IRDT] [20] [1] SelfTestSubsystem: The > CRITICAL self test plugin called > selftests.container.instance.SystemCertsVerification running at startup > FAILED! > 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem: > Initializing self test plugins: > 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:? > loading all self test plugin logger parameters > 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:? > loading all self test plugin instances > 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:? > loading all self test plugin instance parameters > 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:? > loading self test plugins in on-demand order > 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem:? > loading self test plugins in startup order > 1523.main - [21/Jul/2016:23:10:45 IRDT] [20] [1] SelfTestSubsystem: Self > test plugins have been successfully loaded! > 1523.main - [21/Jul/2016:23:10:46 IRDT] [20] [1] SelfTestSubsystem: > Running self test plugins specified to be executed at startup: > 1523.main - [21/Jul/2016:23:10:46 IRDT] [20] [1] CAPresence:? CA is present > 1523.main - [21/Jul/2016:23:10:46 IRDT] [20] [1] > SystemCertsVerification: system certs verification failure > 1523.main - [21/Jul/2016:23:10:46 IRDT] [20] [1] SelfTestSubsystem: The > CRITICAL self test plugin called > selftests.container.instance.SystemCertsVerification running at startup > FAILED! > (END) > > > > From: mohammad sereshki <mohammadseres...@yahoo.com > <mailto:mohammadseres...@yahoo.com>> > To: Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>>; > Florence Blanc-Renaud <f...@redhat.com <mailto:f...@redhat.com>>; > Freeipa-users <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>> > Sent: Thursday, July 21, 2016 11:34 PM > Subject: Re: [Freeipa-users] regenerate certificate > > hiI find below in debug file under /var/log/pki-cawhat is your comment? > > 21/Jul/2016:23:13:42][TP-Processor3]: according to ccMode, authorization > for servlet: caDisplayBySerial is LD > AP based, not XML {1}, use default authz mgr: {2}. > [21/Jul/2016:23:15:44][Timer-0]: CMSEngine: getPasswordStore(): password > store initialized before. > [21/Jul/2016:23:15:44][Timer-0]: CMSEngine: getPasswordStore(): password > store initialized. > [21/Jul/2016:23:15:44][Timer-0]: CMSEngine: getPasswordStore(): password > store initialized before. > [21/Jul/2016:23:15:44][Timer-0]: CMSEngine: getPasswordStore(): password > store initialized. > [21/Jul/2016:23:20:44][Timer-0]: CMSEngine: getPasswordStore(): password > store initialized before. > [21/Jul/2016:23:20:44][Timer-0]: CMSEngine: getPasswordStore(): password > store initialized. > [21/Jul/2016:23:20:44][Timer-0]: CMSEngine: getPasswordStore(): password > store initialized before. > [21/Jul/2016:23:20:44][Timer-0]: CMSEngine: getPasswordStore(): password > store initialized. > [21/Jul/2016:23:20:45][CertStatusUpdateThread]: About to start > updateCertStatus > [21/Jul/2016:23:20:45][CertStatusUpdateThread]: Starting > updateCertStatus (entered lock) > > > > From: Rob Crittenden <rcrit...@redhat.com > <mailto:rcrit...@redhat.com>> > To: mohammad sereshki <mohammadseres...@yahoo.com > <mailto:mohammadseres...@yahoo.com>>; Florence Blanc-Renaud > <f...@redhat.com <mailto:f...@redhat.com>>; Freeipa-users > <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>> > Sent: Thursday, July 21, 2016 11:21 PM > Subject: Re: [Freeipa-users] regenerate certificate > > mohammad sereshki wrote: > > hi > > would you please explain more > > ? > > Your CA (dogtag) is not running. The CA is written in java and deployed > as a WAR in tomcat. If something goes wrong during initialization the CA > will exit but tomcat will not. > > Requests to the CA are returning 404 Not Found because the application > is not running in dogtag. > > You need to look at the logs in /var/log/pki-ca to see what is going on. > > I'd start with selftests.log then move onto catalina.out and debug. > > rob > > > > > > > ------------------------------------------------------------------------ > > *From:* Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>> > > *To:* mohammad sereshki <mohammadseres...@yahoo.com > <mailto:mohammadseres...@yahoo.com>>; Florence > > Blanc-Renaud <f...@redhat.com <mailto:f...@redhat.com>>; Freeipa-users > <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>> > > *Sent:* Thursday, July 21, 2016 11:09 PM > > *Subject:* Re: [Freeipa-users] regenerate certificate > > > > mohammad sereshki wrote: > >? > hi > >? > it is result of command, seems issue is another thing > >? > > >? > > >? >? ipa cert-show 1 > >? > ipa: ERROR: Certificate operation cannot be completed: Unable to > >? > communicate with CMS (Not Found) > > > > Which means that the CA still isn't up. You're going to need to look at > > the dogtag logs in /var/log/pki*. debug is probably the place to start. > > > > rob > > > >? > > >? > > >? > > >? > > ------------------------------------------------------------------------ > >? > *From:* Rob Crittenden <rcrit...@redhat.com > <mailto:rcrit...@redhat.com> <mailto:rcrit...@redhat.com > <mailto:rcrit...@redhat.com>>> > >? > *To:* mohammad sereshki <mohammadseres...@yahoo.com > <mailto:mohammadseres...@yahoo.com> > > <mailto:mohammadseres...@yahoo.com > <mailto:mohammadseres...@yahoo.com>>>; Florence > >? > Blanc-Renaud <f...@redhat.com <mailto:f...@redhat.com> > <mailto:f...@redhat.com <mailto:f...@redhat.com>>>; Freeipa-users > > <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com> > <mailto:freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>>> > >? > *Sent:* Thursday, July 21, 2016 8:08 PM > >? > *Subject:* Re: [Freeipa-users] regenerate certificate > >? > > >? > mohammad sereshki wrote: > >? >? > dear > >? >? > thanks, but would you please check below and let me know what > is your > >? >? > idea?I checked your command but it did not work. > >? > > >? > The Not Found suggests that the CA is not up. I'd try restarting the > >? > pki-cad process to see if that helps. > >? > > >? > A simple test that communication is working is: ipa cert-show 1 > >? > > >? > The output isn't important as long as it isn't an error. > >? > > >? > rob > >? > > >? > > >? >? > > >? >? > > >? >? > > >? >? > Number of certificates and requests being tracked: 8. > >? >? > Request ID '20140817123525': > >? >? >? ? ? ? ? status: MONITORING > >? >? >? ? ? ? ? ca-error: Unable to determine principal name for signing > >? > request. > >? >? >? ? ? ? ? stuck: no > >? >? >? ? ? ? ? key paCOM storage: > >? >? > > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS > >? >? > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' > >? >? >? ? ? ? ? certificate: > >? >? > > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS > >? >? > Certificate DB' > >? >? >? ? ? ? ? CA: IPA > >? >? >? ? ? ? ? issuer: CN=Certificate Authority,O=EXAMPLE.COM > >? >? >? ? ? ? ? subject: CN=IPA RA,O=EXAMPLE.COM > >? >? >? ? ? ? ? expCOMes: 2018-06-30 07:56:06 UTC > >? >? >? ? ? ? ? eku: id-kp-serverAuth,id-kp-clientAuth > >? >? >? ? ? ? ? pre-save command: > >? >? >? ? ? ? ? post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert > >? >? >? ? ? ? ? track: yes > >? >? >? ? ? ? ? auto-renew: yes > >? >? > Request ID '20140817123534': > >? >? >? ? ? ? ? status: CA_UNREACHABLE > >? >? >? ? ? ? ? ca-error: Server failed request, will retry: 4301 (RPC > failed > >? >? > at server.? Certificate operation cannot be completed: Unable to > >? >? > communicate with CMS (Not Found)). > >? >? >? ? ? ? ? stuck: yes > >? >? >? ? ? ? ? key paCOM storage: > >? >? > > >? > > > > type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE.-COM',nickname='Server-Cert',token='NSS > >? >? > Certificate > DB',pinfile='/etc/dCOMsrv/slapd-EXAMPLE.-COM/pwdfile.txt' > >? >? >? ? ? ? ? certificate: > >? >? > > >? > > > > type=NSSDB,location='/etc/dCOMsrv/slapd-EXAMPLE.-COM',nickname='Server-Cert',token='NSS > >? >? > Certificate DB' > >? >? >? ? ? ? ? CA: IPA > >? >? >? ? ? ? ? issuer: CN=Certificate Authority,O=EXAMPLE.COM > >? >? >? ? ? ? ? subject: CN=ipatestsrv.EXAMPLE.COM,O=EXAMPLE.COM > >? >? >? ? ? ? ? expCOMes: 2016-08-17 12:35:34 UTC > >? >? >? ? ? ? ? eku: id-kp-serverAuth,id-kp-clientAuth > >? >? >? ? ? ? ? pre-save command: > >? >? >? ? ? ? ? post-save command: > /usr/lib64/ipa/certmonger/restart_dCOMsrv > >? >? > EXAMPLE.-COM > >? >? >? ? ? ? ? track: yes > >? >? >? ? ? ? ? auto-renew: yes > >? >? > Request ID '20140817123602': > >? >? >? ? ? ? ? status: CA_UNREACHABLE > >? >? >? ? ? ? ? ca-error: Server failed request, will retry: 4301 (RPC > failed > >? >? > at server.? Certificate operation cannot be completed: Unable to > >? >? > communicate with CMS (Not Found)). > >? >? >? ? ? ? ? stuck: yes > >? >? >? ? ? ? ? key paCOM storage: > >? >? > > >? > > > > type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS > >? >? > Certificate DB',pinfile='/etc/dCOMsrv/slapd-PKI-IPA/pwdfile.txt' > >? >? >? ? ? ? ? certificate: > >? >? > > >? > > > > type=NSSDB,location='/etc/dCOMsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS > >? >? > Certificate DB' > >? >? >? ? ? ? ? CA: IPA > >? >? >? ? ? ? ? issuer: CN=Certificate Authority,O=EXAMPLE.COM > >? >? >? ? ? ? ? subject: CN=ipatestsrv.EXAMPLE.COM,O=EXAMPLE.COM > >? >? >? ? ? ? ? expCOMes: 2016-08-17 12:36:02 UTC > >? >? >? ? ? ? ? eku: id-kp-serverAuth,id-kp-clientAuth > >? >? >? ? ? ? ? pre-save command: > >? >? >? ? ? ? ? post-save command: > /usr/lib64/ipa/certmonger/restart_dCOMsrv > >? >? > PKI-IPA > >? >? >? ? ? ? ? track: yes > >? >? >? ? ? ? ? auto-renew: yes > >? >? > Request ID '20140817123752': > >? >? >? ? ? ? ? status: CA_UNREACHABLE > >? >? >? ? ? ? ? ca-error: Server failed request, will retry: 4301 (RPC > failed > >? >? > at server.? Certificate operation cannot be completed: Unable to > >? >? > communicate with CMS (Not Found)). > >? >? >? ? ? ? ? stuck: yes > >? >? >? ? ? ? ? key paCOM storage: > >? >? > > > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS > >? >? > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' > >? >? >? ? ? ? ? certificate: > >? >? > > > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS > >? >? > Certificate DB' > >? >? >? ? ? ? ? CA: IPA > >? >? >? ? ? ? ? issuer: CN=Certificate Authority,O=EXAMPLE.COM > >? >? >? ? ? ? ? subject: CN=ipatestsrv.EXAMPLE.COM,O=EXAMPLE.COM > >? >? >? ? ? ? ? expCOMes: 2016-08-17 12:37:51 UTC > >? >? >? ? ? ? ? eku: id-kp-serverAuth,id-kp-clientAuth > >? >? >? ? ? ? ? pre-save command: > >? >? >? ? ? ? ? post-save command: /usr/lib64/ipa/certmonger/restart_httpd > >? >? >? ? ? ? ? track: yes > >? >? >? ? ? ? ? auto-renew: yes > >? >? > You have new mail in /var/spool/mail/root > >? >? > > >? >? > > >? >? > > > ------------------------------------------------------------------------ > >? >? > *From:* Florence Blanc-Renaud <f...@redhat.com > <mailto:f...@redhat.com> > > <mailto:f...@redhat.com <mailto:f...@redhat.com>> > <mailto:f...@redhat.com <mailto:f...@redhat.com> <mailto:f...@redhat.com > <mailto:f...@redhat.com>>>> > >? >? > *To:* mohammad sereshki <mohammadseres...@yahoo.com > <mailto:mohammadseres...@yahoo.com> > > <mailto:mohammadseres...@yahoo.com <mailto:mohammadseres...@yahoo.com>> > >? > <mailto:mohammadseres...@yahoo.com <mailto:mohammadseres...@yahoo.com> > > <mailto:mohammadseres...@yahoo.com > <mailto:mohammadseres...@yahoo.com>>>>; Freeipa-users > >? >? > <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com> > <mailto:freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>> > > <mailto:freeipa-users@redhat.com <mailto:freeipa-users@redhat.com> > <mailto:freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>>>> > > > >? >? > *Sent:* Thursday, July 21, 2016 11:30 AM > >? >? > *Subject:* Re: [Freeipa-users] regenerate certificate > >? >? > > >? >? > On 07/20/2016 10:04 PM, mohammad sereshki wrote: > >? >? >? > hi > >? >? >? > I check my IPA server which is version ipa-server-3.0.0-25 , > > command > >? >? >? > "ipa-get-cert list" show, my certificate will be expired in next > >? > 20 days, > >? >? >? > I do not know how to regenerate them > >? >? >? > but command "getcert list" shows epirtion certificates are > related > >? > just > >? >? >? > to "CA:IPA" and certificate " CA: dogtag-ipa-renew-agent" ,? has > >? > enough > >? >? >? > time . > >? >? >? > would you please help me to know how to regenerate CA:IPA > >? > certificates? > >? >? >? > > >? >? >? > Best Regards > >? >? >? > > >? >? >? > > >? >? >? > > >? >? > > >? >? > Hi Mohammad, > >? >? > > >? >? > the certificates issued by IPA CA are normally tracked by > > certmonger and > >? >? > automatically renewed when they are near their expiration date. To > > make > >? >? > sure that your certificates are tracked, you can issue > >? >? > > >? >? > $ ipa-getcert list > >? >? > > >? >? > and check the "status:" field for each certificate. It should > display > >? >? > "MONITORING". > >? >? > > >? >? > If you want to manually renew them, you must note their request > ID and > >? >? > use the command > >? >? > $ ipa-getcert resubmit -i $REQUEST_ID > >? >? > > >? >? > Hope this helps, > >? >? > Flo. > >? >? > > >? >? > > >? >? > > >? >? > > >? >? > > >? > > >? > > >? > > > > > > > > > > > > > > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <https://www.redhat.com/archives/freeipa-users/attachments/20160721/ef74f106/attachment.html> > > ------------------------------ > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com> > https://www.redhat.com/mailman/listinfo/freeipa-users > > End of Freeipa-users Digest, Vol 96, Issue 125 > ********************************************** > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project