Hi Rob,
I was able to start my CA via instructions from here:
https://www.redhat.com/archives/freeipa-users/2017-January/msg00215.html
I also tried to set the clock back and restart certmonger. Still no luck:
getcert list gives me the following:
Number of certificates and requests being
Hi Rob,
I found this on my second server in /var/log/pki/pki-tomcat/ca/debug:
SSL handshake happened
Could not connect to LDAP server host freeipa-02.corp.mydomain.de port 636
Error netscape.ldap.LDAPException: Authentication failed (48)
On my primary server I found this:
Internal Database
Hi Rob,
What can I do to troubleshoot CA?
On Wed 12. Feb 2020 at 01:00, Rob Crittenden wrote:
> Dmitri Moudraninets wrote:
> > Hi Rob,
> >
> >
> > It seems that it does not help. I found a backup which was made via
> > ipa-backup this summer. Can I use it somehow for recovery? We did
> >
Hi Rob,
It seems that it does not help. I found a backup which was made via
ipa-backup this summer. Can I use it somehow for recovery? We did nothing
to certificates since that time. We only added users/groups/servers.
Current situation:
I can't update certificates. getcert list shows multiple
Hi Rob,
Some good news. I did the same with the secondary server. Now on secondary
server I can navigate through GUI without any errors
(authentication->certificates->certificates). But on the first server
Subjects are missing and all certificates are grayed-out except one.
Another good thing -
Hi Rob,
I did the following:
I removed original ra-agent.pem and ra-agent key
and
openssl x509 -in /root/debug.cert -out /var/lib/ipa/ra-agent.pem
chown root:ipaapi /var/lib/ipa/ra-agent.pem
chmod 0440 /var/lib/ipa/ra-agent.pem
restorecon /var/lib/ipa/ra-agent.pem
Successfully restarted
Hi Rob,
ldapsearch -LLL -o ldif-wrap=no -x -D 'cn=directory manager' -W -b uid=ipara,ou=People,o=ipaca usercertificate
shows me the following:
Issuer: O=CORP.MYDOMAIN.DE, CN=Certificate Authority
Validity
Not Before: Dec 5 15:32:12 2017 GMT
Not After :
me way?
>
> What is the history of this? Did this happen in conjunction with
> troubleshooting another problem?
>
> Can you provide the output of:
>
> # getcert list -f /var/lib/ipa/ra-agent.pem
> # openssl x509 -text -in /var/lib/ipa/ra-agent.pem
>
> rob
>
> >
, Rob Crittenden :
> Dmitri Moudraninets via FreeIPA-users wrote:
> > Hi All,
> >
> >
> > I have a weird issue with FreeIPA. I can't do anything with
> > certificates. I also can't upgrade FreeIPA. If I run ipa-server-update I
> > receive this:
> > U
Hi All,
I have a weird issue with FreeIPA. I can't do anything with certificates. I
also can't upgrade FreeIPA. If I run ipa-server-update I receive this:
Unexpected error - see /var/log/ipaupgrade.log for details:
NetworkError: cannot connect to '