[Freeipa-users] Re: CA errors after update, server.xml desync?

2021-09-16 Thread pp via FreeIPA-users
Thank you. Setting requiredSecret to the same value as secret in /etc/pki/pki-tomcat/server.xml fixed it for me on CentOS Stream 8. It stopped working after upgrading FreeIPA from 4.9.3 to 4.9.6. Seems I barely missed the version that uses "secret": java -cp catalina.jar org.apache.catalina.util.

[Freeipa-users] Re: CA errors after update, server.xml desync?

2021-09-13 Thread Dirk Silkenbaeumer via FreeIPA-users
I ran into similar issues after upgrading from FreeIPA 4.9.3 to 4.9.6 on CentOS Stream 8 last week. You could check /var/log/httpd/error_log - I had trouble with TLS 1.3 (leading to error "Request failed with status 403: Non-2xx response from CA REST API: 403.") which could be solved by disabli

[Freeipa-users] Re: CA errors after update, server.xml desync?

2021-09-10 Thread D Trom via FreeIPA-users
Thank you for the hint, it's gotten me farther. I can now see cert details in the webui; however, cli tools still fail with "ipa: ERROR: Certificate operation cannot be completed: Request failed with status 403: Non-2xx response from CA REST API: 403. (403)" Specifically, "ipa cert show 4" (whe

[Freeipa-users] Re: CA errors after update, server.xml desync?

2021-09-10 Thread Rob Crittenden via FreeIPA-users
D Trom via FreeIPA-users wrote:
> If the subject isn't vague enough, perhaps I can explain in some better detail.
> I have IPA setup with a couple of replicas and it's been running fine for a few months; periodic runs of ipa-healthcheck didn't show any issues.
> During an update of the syst