Dear ipa-users,

I've recently observed a pattern where adding a host certificate to a host
only shows the association in the GUI for the server which issues the cert.
I'm running FreeIPA 4.4.4.

I request a certificate from the host(s) in question with something like:

ipa-getcert request -f /path -k /path -r

All IPA servers show the cert as being issued and valid on the certificates
page.
Visiting "https://myserver/ipa/ui/#/e/host/details/hostame.fqdn" shows a
host certificate from the machine that issued the cert.
Visiting the same host page from other IPA servers does not show the host
cert associated.
Users and hosts continue to synchronise, as do other cert details!

I can manually associate the host to cert on other servers using the "add"
button in the Host certificate section of the host page, but this feels
wrong.
Any ideas on how to troubleshoot this? It feels like the CAs don't quite
get which one is in charge, and could be a result of me tearing down the
original Ubuntu-based ones to replace with Fedora, or a mistake I have made
whilst doing so.

Any advice appreciated,

David