[Freeipa-users] Re: Changing CA certificate subject name post-install

On Tue, Mar 20, 2018 at 08:22:53AM -0500, Kirk VanOpdorp via FreeIPA-users wrote: > I have an external CA that I need to renew due to the root CA expiring soon > and they grumbled at the CA subject last time and I suggested I would look > into changing it. I don't see any route via the

[Freeipa-users] replication broken

So for some reason yesterday my replication broke.  Checked out the logs and found this:Mar 20 14:16:02 freeipa01 systemd: ipa-dnskeysyncd.service: main process exited, code=exited, status=1/FAILUREMar 20 14:16:02 freeipa01 systemd: Unit ipa-dnskeysyncd.service entered failed state.Mar 20

[Freeipa-users] remote udate vectors

While doing some troubleshooting on replication I found that I have an old server in my replica list-ruvs.  How would I go about removing that?___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to

[Freeipa-users] Re: FreeIPA in AWS

So I made the changes to the SecurityGroup in AWS and my local FreeIPA servers can't talk up.  I suspect this is something on the AWS side.  :-( On Tuesday, March 20, 2018 9:17 AM, Andrew Meyer via FreeIPA-users wrote: Thank you sir!  I will added

[Freeipa-users] Re: Remove and add a new CA autority

indeed, there has been a problem for a very long time. I think the problem happened at the time of the migration centos 6 to centos 7. # ipa ca-show ipa ipa: ERROR: ipa: Certificate Authority Not Found how can I solve this little/big problem? thx Pierre Le 17/03/2018 à 15:04, Pierre

[Freeipa-users] Re: FreeIPA in AWS

On ti, 20 maalis 2018, Andrew Meyer via FreeIPA-users wrote: I have FreeIPA setup on CentOS 7 in AWS.  However we are looking to lock down communication over our VPN tunnel.  Trying to do some research to see what ports I need.  I've gotten most of them, 80,443,88,464,389,636,123.  I have it

[Freeipa-users] FreeIPA in AWS

I have FreeIPA setup on CentOS 7 in AWS.  However we are looking to lock down communication over our VPN tunnel.  Trying to do some research to see what ports I need.  I've gotten most of them, 80,443,88,464,389,636,123.  I have it setup to allow UDP/TCP for both sides.  However in the amazon

[Freeipa-users] Re: Changing CA certificate subject name post-install

I have an external CA that I need to renew due to the root CA expiring soon and they grumbled at the CA subject last time and I suggested I would look into changing it. I don't see any route via the ipa-cacert-manage renew to change the subject but I'd be up for investigating if you have any