> Jason,
>
> Yes, bad search filter there - apologies.
>
> This one is better:
>
> # ldapsearch -xLLL -D "cn=Directory Manager" -W -b
> ou=certificateprofiles,ou=ca,o=ipaca
> '(&(nsds5ReplConflict=*)(objectclass=ldapsubentry))'
>
> The base DN you want to specify is
running your LDAP search returns invalid search, missing a ) on the
end, (I think). Adding ) to the end returns a lot of data but nothing
with nsds5ReplConflict. This is the end statement:
# search result
search: 2
result: 0 Success
# numResponses: 105
# numEntries: 104
Running this, search for
ert-pki-ca u,u,Pu
caSigningCert cert-pki-ca CTu,Cu,Cu
ocspSigningCert cert-pki-ca u,u,u
subsystemCert cert-pki-ca u,u,u
On Thu, Jan 10, 2019 at 6:00 PM Rob Crittenden wrote:
>
So I have an expired cert somewhere. Or something really weird. Setting
system time to 10/01/2018 PKI-Tomcat starts. Restarted certmonger and dirsrv.
Moved date to 11/01/2018, restarted certmonger, dirsrv and pki-tomcat.
pki-tomcat started. Moved date to 12/01/2018, restarted services,
Was wondering if anyone had a chance to look through the logs posted for
anything useful?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of
> On Sat, Dec 29, 2018 at 11:07:07PM -0000, Jason Wood via FreeIPA-users wrote:
> > This is on all 4 systems having the issue
> > ipa --version
> > VERSION: 4.6.4, API_VERSION: 2.229
> >
> > When system was updated ipa-server-upgrade was run, and it did complete
>
This is on all 4 systems having the issue
ipa --version
VERSION: 4.6.4, API_VERSION: 2.229
When system was updated ipa-server-upgrade was run, and it did complete
successfully
2018-12-19T23:34:26Z INFO The ipa-server-upgrade command was successful
Running the command fails now, as the CA won't
I know what is not the issue. No certs are expired
expires: 2020-01-13 13:27:04 UTC
expires: 2020-01-02 13:25:21 UTC
expires: 2020-01-02 13:25:20 UTC
expires: 2020-01-02 13:25:20 UTC
expires: 2038-01-12 13:25:20 UTC
expires: 2020-01-02 13:25:38 UTC
A little more information.
pki-tomcatd is starting. ports 8080, 8443 and 8009 are open and responding.
gssproxy is up and working
Still no errors in any logs.
PKI is able to make SSL connections to LDAP, the certificates are all valid and
it is using the correct certificates.
In the tomcat
Already went through that page several times. All checks passed. All certs are
good. None are expired. The cert in NSS is the same in LDAP. No errors
communicating/logging in.
It is the lack of errors that is the most troubling.
Upgraded from CentOS 7.5 to 7.6, which includes IPA upgrade from 4.5.4-10 to
4.6.4-10. Upgrade was done via yum upgrade.
Upgrade went fine. I see no alarming errors in the logs. It stopped and
started all the servers did the ipa upgrade. All was fine once completed.
Reboot and now pki-tomcatd