[Freeipa-users] Re: Cert renew error: service with name already exists.

2019-04-11 Thread Fraser Tweedale via FreeIPA-users
Hi John, Looks like the Certmonger tracking requests are missing the principal name. So here's the first thing to try: wind back the clock again, restart IPA, and then issue the following certmonger commands: - getcert resubmit -i 20190203000836 -K "HTTP/@" - getcert resubmit -i 20190329001401

[Freeipa-users] Re: Cert renew error: service with name already exists.

2019-04-11 Thread Rob Crittenden via FreeIPA-users
John Aquino via FreeIPA-users wrote: > Hi all, > > I was referred to this place by Florence. I'm hoping to get some help in the > right direction with this issue I've been having. > I have a FreeIPA system that I inherited from a previous coworker with no > install notes so I'm trying to figure

[Freeipa-users] Cert renew error: service with name already exists.

2019-04-11 Thread John Aquino via FreeIPA-users
Hi all, I was referred to this place by Florence. I'm hoping to get some help in the right direction with this issue I've been having. I have a FreeIPA system that I inherited from a previous coworker with no install notes so I'm trying to figure out heads/tails out of this thing. From what I

[Freeipa-users] Re: How to grant CSR from command line

2019-04-11 Thread Rob Crittenden via FreeIPA-users
Alexander Bokovoy via FreeIPA-users wrote: > On Thu, 11 Apr 2019, Rob Crittenden via FreeIPA-users wrote: >> Bret Wortman via FreeIPA-users wrote: >>> Thanks, Rob. I'm a lot closer now. >>> >>> What I'm getting now looks like: >>> >>> # KRB5_CLIENT_KTNAME=/etc/krb5.keytab ipa cert-request --add

[Freeipa-users] Re: How to grant CSR from command line

2019-04-11 Thread Alexander Bokovoy via FreeIPA-users
On Thu, 11 Apr 2019, Rob Crittenden via FreeIPA-users wrote: Bret Wortman via FreeIPA-users wrote: Thanks, Rob. I'm a lot closer now. What I'm getting now looks like: # KRB5_CLIENT_KTNAME=/etc/krb5.keytab ipa cert-request --add --principal=HTTP/$HOST $DB/$HOST.csr IPA: error: tHE SERVICE

[Freeipa-users] Re: How to grant CSR from command line

2019-04-11 Thread Bret Wortman via FreeIPA-users
I should have realized that. We'll just stick with FQDNs from now on. I adjusted my wrapper and now it runs to completion and does what we expect. Thanks, Rob! Bret Wortman Founder, Damascus Products, LLC 855-644-2783 (tel:855-644-2783) | b...@wrapbuddies.co

[Freeipa-users] Re: How to grant CSR from command line

2019-04-11 Thread Rob Crittenden via FreeIPA-users
Bret Wortman via FreeIPA-users wrote: > Thanks, Rob. I'm a lot closer now. > > What I'm getting now looks like: > > # KRB5_CLIENT_KTNAME=/etc/krb5.keytab ipa cert-request --add > --principal=HTTP/$HOST $DB/$HOST.csr > IPA: error: tHE SERVICE PRINCIPAL FOR SUBJECT ALT NAME myhost in > certificate

[Freeipa-users] Re: How to grant CSR from command line

2019-04-11 Thread Bret Wortman via FreeIPA-users
Thanks, Rob. I'm a lot closer now. What I'm getting now looks like: # KRB5_CLIENT_KTNAME=/etc/krb5.keytab ipa cert-request --add --principal=HTTP/$HOST $DB/$HOST.csr IPA: error: tHE SERVICE PRINCIPAL FOR SUBJECT ALT NAME myhost in certificate request does not exist What we've done before is

[Freeipa-users] How to grant CSR from command line

2019-04-11 Thread Bret Wortman via FreeIPA-users
I know I can paste a CSR from one of our servers into the GUI and generate a new cert, but how can I do this from a command line? I've been working with this: # ipa cert-request --principal=HTTP/$HOST $DB/$HOST.csr But that's giving me an error that the principal doesn't exist. Then

[Freeipa-users] Re: Broken ipa replica

2019-04-11 Thread Giulio Casella via FreeIPA-users
Hi Thierry, On 11/04/2019 11:31, thierry bordaz via FreeIPA-users wrote: > Hi Giulio, > > During the new IPA server installation (idc01) the server idc02 sends > all its entries (total update), one after the other. > The entries are sent idc02->idc01 over a sasl encrypted connection. I >

[Freeipa-users] Re: Broken ipa replica

2019-04-11 Thread thierry bordaz via FreeIPA-users
Hi Giulio, During the new IPA server installation (idc01) the server idc02 sends all its entries (total update), one after the other. The entries are sent idc02->idc01 over a sasl encrypted connection. I suspect that one of the entry sent by idc02 is large (a static group ?) and its encrypted

[Freeipa-users] Re: Broken ipa replica

2019-04-11 Thread Giulio Casella via FreeIPA-users
Hi Thierry, Rob, Flo, unfortunately I have no failure log anymore (after a couple of reinstallations they get lost). Anyway I'll try to reconstruct some information to help you investigate further. The behaviour was: 1. the IPA replication started, coming rapidly to "[28/41]: setting up initial