[Freeipa-users] vulnerability on port 8443 reported by Nessus scanner- caSigningCert cert-pki-ca

Hi Team, I have a vulnerability on port 8443 reported by Nessus scanner I have third-party certificate already installed at LDAP and Apache services I have root and intermediate certificate also installed on pki-tomcat service as shown below The certificate "caSigningCert cert-pki-ca" which

[Freeipa-users] Re: IPA replica installation failed-SEVERE: Unable to start CA engine: Selftest failed: Invalid certificate Server-Cert cert-pki-ca: NotBefore: Mon Apr 01 03:41:49 CST 2024

est failed: Invalid certificate Server-Cert cert-pki-ca: NotBefore: Mon Apr 01 03:41:49 CST 2024 CAUTION. This email originated from outside the organization. Please exercise caution before clicking on links or attachments in case of suspicion or unknown senders. Polavarapu Manideep Sai v

[Freeipa-users] IPA replica installation failed-SEVERE: Unable to start CA engine: Selftest failed: Invalid certificate Server-Cert cert-pki-ca: NotBefore: Mon Apr 01 03:41:49 CST 2024

Hi Team, Any one faced this issue during replica installation I have third party SSL certificate installed on master server IPA Version: [root@dir02-mex ~]# ipa --version VERSION: 4.10.2, API_VERSION: 2.252 Certificate Expiry: [root@dir02-mex ~]# certutil -L -d /etc/pki/pki-tomcat/alias/

[Freeipa-users] Seeking an advice on migrating freeipa environment from centos 7 to Almalinux 9

Hi Team, Seeking an advice on migrating freeipa environment from centos 7 to Almalinux 9 Consider there are 4 servers 1 as IPA master and rest are replicas 1. master.ipa.example.com [centos 7.9 IPA 4.6.8] 2. Replica1.ipa.example.com [centos 7.9 IPA 4.6.8] 3. Replica2.ipa.example.com

[Freeipa-users] Integration of lower version of client IPA with higher version of Server IPA

Hi All, Can ipa client installation/integration possible with below IPA versions ? IPA Server: Redhat7.X and IPA 4.6.8 IPA Client: Redhat6.X and IPA 3.0.0 Regards Sai DISCLAIMER: The information in this message is confidential and may be legally

[Freeipa-users] Re: Can we go for replica installation without using 80 port instead only using 443 port

without using 80 port instead only using 443 port CAUTION. This email originated from outside the organization. Please exercise caution before clicking on links or attachments in case of suspicion or unknown senders. Polavarapu Manideep Sai via FreeIPA-users wrote: > Hi Team, > > &

[Freeipa-users] Can we go for replica installation without using 80 port instead only using 443 port

Hi Team, Can we install IPA replica without using 80 port instead only using 443 port? Is it possible ? If it is possible how can we achieve this ? [using port forwarding ? or any configuration changes?] If it is not possible, why ? Regards Sai DISCLAIMER:

[Freeipa-users] Krb5kdc and kadmin services not getting started

Hi Team, Krb5kdc and kadmin services not getting started PFB error logs As you can see we are getting "Kerberos User Principal not found. Do you have a valid Credential Cache?" upon getting new keytab [root@dir ~]# tail -f /var/log/krb5kdc.log krb5kdc: Server error - while fetching master

[Freeipa-users] Re: pki-tomcatd service stopped

or unknown senders. Polavarapu Manideep Sai via FreeIPA-users wrote: > Hi Florence > > > > I have multiple ipa servers, actually the master server should be a CA > renewal master, but when I checked now it is not, now CA renewal > master showing as replica server, the same repl

[Freeipa-users] Re: Help-Installing Third-Party Certificates for HTTP or LDAP

certificate during ipa-certupdate. What version of IPA do you have? If it's reasonably up-to-date you can see what you have installed using: ipa-cacert-manage list. rob > > > > > > Regards > > Sai > > > > > > *From:*Florence Blanc-Renaud > *Sent:* 07

[Freeipa-users] Re: Help-Installing Third-Party Certificates for HTTP or LDAP

complete that should resolve the ipa-server-certinstall issue. rob > > NO > > Regards > Sai > > > > -Original Message- > From: Polavarapu Manideep Sai via FreeIPA-users > mailto:freeipa-users@lists.fedorahosted.org>> > Sent: 06 July 2023 22:28 >

[Freeipa-users] Re: pki-tomcatd service stopped

you have a single IPA server or multiple servers? Which one is the CA renewal master? flo On Fri, Jul 7, 2023 at 10:02 AM Polavarapu Manideep Sai via FreeIPA-users mailto:freeipa-users@lists.fedorahosted.org>> wrote: Hi Team, As we checked pki-tomcatd service was stopped, couldn’t po

[Freeipa-users] pki-tomcatd service stopped

Hi Team, As we checked pki-tomcatd service was stopped, couldn't possible to set the clock back as other certificates will not valid PFB details, please let us know if more details required on this As you can see Unable to communicate with CMS (404) when performed ipa cert-show for the serial

[Freeipa-users] Re: Help-Installing Third-Party Certificates for HTTP or LDAP

ming the chain they provided is complete that should resolve the ipa-server-certinstall issue. rob > > NO > > Regards > Sai > > > > -Original Message- > From: Polavarapu Manideep Sai via FreeIPA-users > > Sent: 06 July 2023 22:28 > To: Rob Crittenden ; Free

[Freeipa-users] Re: Help-Installing Third-Party Certificates for HTTP or LDAP

└── gdig2.crt.pem 3. Do you intend on replacing the server certificate for the CA as well? If so, why? NO Regards Sai -Original Message----- From: Polavarapu Manideep Sai via FreeIPA-users Sent: 06 July 2023 22:28 To: Rob Crittenden ; FreeIPA users list Cc: Polavarapu Manideep Sa

[Freeipa-users] Re: Help-Installing Third-Party Certificates for HTTP or LDAP

the organization. Please exercise caution before clicking on links or attachments in case of suspicion or unknown senders. Polavarapu Manideep Sai via FreeIPA-users wrote: > Hi Team, > > > > I have generated central.csr and central.key in my ipa server and > shared this central.

[Freeipa-users] Help-Installing Third-Party Certificates for HTTP or LDAP

Hi Team, I have generated central.csr and central.key in my ipa server and shared this central.csr to third-party certificate authority and i got certificates from certificate authority with two directories one as apache directory and it's certificates are 1f1f7ab616938168.crt,

[Freeipa-users] Help-Query IPA-Client Re-Enrollment

HI Team, I have a query I have two replica servers which are replicating with master server Replica1[Old]-hostname1.com --- 10 client nodes integrated at Replica1 Replica2[New]-hostname2.com --- No client nodes integrated at Replica2 Now I want to remove Replica1, which is having issues

[Freeipa-users] Re: Installing Third-Party Certificates-Help

in case of suspicion or unknown senders. Hi, On Sat, Oct 29, 2022 at 3:53 PM Polavarapu Manideep Sai via FreeIPA-users mailto:freeipa-users@lists.fedorahosted.org>> wrote: Hi Team, We need your help or support I have a master IPA server and 2 Replica IPA Servers, i want to install third part

[Freeipa-users] Re: Installing Third-Party Certificates-Help

gt; Subject: Re: [Freeipa-users] Installing Third-Party Certificates-Help CAUTION. This email originated from outside the organization. Please exercise caution before clicking on links or attachments in case of suspicion or unknown senders. Hi, On Sat, Oct 29, 2022 at 3:53 PM Polavarapu Manidee

[Freeipa-users] Re: Installing Third-Party Certificates-Help

ertificates-Help CAUTION. This email originated from outside the organization. Please exercise caution before clicking on links or attachments in case of suspicion or unknown senders. Hi, On Sat, Oct 29, 2022 at 3:53 PM Polavarapu Manideep Sai via FreeIPA-users mailto:freeipa-users@lists

[Freeipa-users] Re: Installing Third-Party Certificates-Help

Can you please anyone suggest on this From: Polavarapu Manideep Sai via FreeIPA-users Sent: 29 October 2022 19:23 To: FreeIPA users list Cc: Polavarapu Manideep Sai Subject: [Freeipa-users] Installing Third-Party Certificates-Help CAUTION. This email originated from outside

[Freeipa-users] Installing Third-Party Certificates-Help

Hi Team, We need your help or support I have a master IPA server and 2 Replica IPA Servers, i want to install third party certificates in my setup a. master.ipa.example.com b. replica1.ipa.example.com c. replica2.ipa.example.com 1. Generated new CSR/wildcard certificate on master IPA server

[Freeipa-users] Re: Help ipa-server-upgrade command failed, exception: NetworkError: cannot connect to https://hostname.ipa.example.com:8443/ca/rest/account/login [SSL: CERTIFICATE_VERIFY_FAILED] cert

page and run the tool on the replica. HTH, flo On Mon, Oct 3, 2022 at 4:59 PM Polavarapu Manideep Sai via FreeIPA-users mailto:freeipa-users@lists.fedorahosted.org>> wrote: Hi Rob, As I rechecked one of the certificate i.e. "Server-Cert cert-pki-ca" found and it was expir

[Freeipa-users] Re: Help ipa-server-upgrade command failed, exception: NetworkError: cannot connect to https://hostname.ipa.example.com:8443/ca/rest/account/login [SSL: CERTIFICATE_VERIFY_FAILED] cert

eeipa-users] Help ipa-server-upgrade command failed, >> exception: NetworkError: cannot connect to >> https://hostname.ipa.example.com:8443/ca/rest/account/login [SSL: >> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618) >> >> >> CAUTION. Thi

[Freeipa-users] Re: Help ipa-server-upgrade command failed, exception: NetworkError: cannot connect to https://hostname.ipa.example.com:8443/ca/rest/account/login [SSL: CERTIFICATE_VERIFY_FAILED] cert

from outside the organization. Please exercise > caution before clicking on links or attachments in case of suspicion or > unknown senders. > > > > > Polavarapu Manideep Sai via FreeIPA-users wrote: >> Hi Team, >> >> >> >> Facing below error while upgradi

[Freeipa-users] Re: Help ipa-server-upgrade command failed, exception: NetworkError: cannot connect to https://hostname.ipa.example.com:8443/ca/rest/account/login [SSL: CERTIFICATE_VERIFY_FAILED] cert

before clicking on links or attachments in case of suspicion or unknown senders. Polavarapu Manideep Sai via FreeIPA-users wrote: > Hi Team, > > > > Facing below error while upgrading the IPA server using > ipa-server-upgrade command > > > > Please let us know the

[Freeipa-users] Help ipa-server-upgrade command failed, exception: NetworkError: cannot connect to https://hostname.ipa.example.com:8443/ca/rest/account/login [SSL: CERTIFICATE_VERIFY_FAILED] certific

Hi Team, Facing below error while upgrading the IPA server using ipa-server-upgrade command Please let us know the fix if any , let us know if any more details required on the same ipa-server-upgrade command failed, exception: NetworkError: cannot connect to

[Freeipa-users] Re: Free IPA Replica server retrieving two certificates from the IPA master server while installing IPA replica and installation fails

invalid certificate in IPA master server On Tue, Aug 30, 2022 at 8:09 PM Polavarapu Manideep Sai via FreeIPA-users mailto:freeipa-users@lists.fedorahosted.org>> wrote: Hi Rob, Can you please help me on this Regards ManideepSai -Original Message- From: Rob Crittenden mailto:rcri

[Freeipa-users] Re: Free IPA Replica server retrieving two certificates from the IPA master server while installing IPA replica and installation fails

master server while installing IPA replica and installation fails CAUTION. This email originated from outside the organization. Please exercise caution before clicking on links or attachments in case of suspicion or unknown senders. Polavarapu Manideep Sai via FreeIPA-users wrote: >

[Freeipa-users] Free IPA Replica server retrieving two certificates from the IPA master server while installing IPA replica and installation fails

Hi Team, Need help from freeipa, Free IPA Replica server retrieving two certificates from the IPA master server while installing IPA replica and installation fails please check the below issue and let us know the fix and please let us know if any more details required Master server: aaa01