[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Dmitri Moudraninets via FreeIPA-users wrote: > Hi Rob, > > > I was able to start my CA via instructions from here: > https://www.redhat.com/archives/freeipa-users/2017-January/msg00215.html > > I also tried to set the clock back and restart certmonger. Still no luck: That seems to be a pretty

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Hi Rob, I was able to start my CA via instructions from here: https://www.redhat.com/archives/freeipa-users/2017-January/msg00215.html I also tried to set the clock back and restart certmonger. Still no luck: getcert list gives me the following: Number of certificates and requests being

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Hi Rob, I found this on my second server in /var/log/pki/pki-tomcat/ca/debug: SSL handshake happened Could not connect to LDAP server host freeipa-02.corp.mydomain.de port 636 Error netscape.ldap.LDAPException: Authenticatio n failed (48) On my primary server I found this: Internal Database

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Hi Rob, What cat I do to troubleshoot CA? On Wed 12. Feb 2020 at 01:00, Rob Crittenden wrote: > Dmitri Moudraninets wrote: > > Hi Rob, > > > > > > It seems that it does not help. I found a backup which was made via > > ipa-backup this summer. Can I use it somehow for recovery? We did > >

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Dmitri Moudraninets wrote: > Hi Rob, > > > It seems that it does not help. I found a backup which was made via > ipa-backup this summer. Can I use it somehow for recovery? We did > nothing to certificates since that time. We only added users/groups/servers. > > Current situation: > I can't

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Hi Rob, It seems that it does not help. I found a backup which was made via ipa-backup this summer. Can I use it somehow for recovery? We did nothing to certificates since that time. We only added users/groups/servers. Current situation: I can't update certificates. getcert list shows multiple

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Dmitri Moudraninets wrote: > Hi Rob, > > I recovered the key file. Restarted FreeIPA and certmonger. Now issue > looks different: > image.png > > Subjects disappeared. If I click on a certificate 29 I see this: > cannot connect to >

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Hi Rob, Some good news. I did the same with the secondary server. Now on secondary server I can navigate through GUI with out any errors (authentication->certificates->certificates). But on the first server Subjects are missing and all certificates are grayed-out except one. Another good thing -

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Dmitri Moudraninets wrote: > Hi Rob, > > > > I did the following: > I removed original ra-agent.pem and ra-agent key > and > openssl x509 -in /root/debug.cert -out /var/lib/ipa/ra-agent.pem > chown root:ipaapi /var/lib/ipa/ra-agent.pem > chmod 0440 /var/lib/ipa/ra-agent.pem > restorecon

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Hi Rob, I did the following: I removed original ra-agent.pem and ra-agent key and openssl x509 -in /root/debug.cert -out /var/lib/ipa/ra-agent.pem chown root:ipaapi /var/lib/ipa/ra-agent.pem chmod 0440 /var/lib/ipa/ra-agent.pem restorecon /var/lib/ipa/ra-agent.pem Successfully restarted

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Dmitri Moudraninets wrote: > Hi Rob, > > ldapsearch -LLL -o ldif-wrap=no -x -D 'cn=directory manager' -W > -b uid=ipara,ou=People,o=ipaca usercertificate > > shows me the following: > >         Issuer: O=CORP.MYDOMAIN.DE , > CN=Certificate Authority >         Validity >

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Hi Rob, ldapsearch -LLL -o ldif-wrap=no -x -D 'cn=directory manager' -W -b uid=ipara,ou=People,o=ipaca usercertificate shows me the following: Issuer: O=CORP.MYDOMAIN.DE, CN=Certificate Authority Validity Not Before: Dec 5 15:32:12 2017 GMT Not After :

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Dmitri Moudraninets wrote: > Hi Rob, > > Yes both masters are failing the same way. Output of openssl x509 -noout > -modulus -in /var/lib/ipa/ra-agent.pem is the same on both masters. > Output of openssl rsa -noout -modulus -in /var/lib/ipa/ra-agent.key is > also the same on both masters. But the

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Hi Rob, Yes both masters are failing the same way. Output of openssl x509 -noout -modulus -in /var/lib/ipa/ra-agent.pem is the same on both masters. Output of openssl rsa -noout -modulus -in /var/lib/ipa/ra-agent.key is also the same on both masters. But the output of the first command is not the

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Hi Rob, Both master and replica are failing. The output of the following commands is different on both FreeIPA servers. # openssl x509 -noout -modulus -in /var/lib/ipa/ra-agent.pem # openssl rsa -noout -modulus -in /var/lib/ipa/ra-agent.key Is this a known issue? ср, 20 нояб. 2019 г. в 22:24,

[Freeipa-users] Re: Issues with certificates: X509: KEY_VALUES_MISMATCH

Dmitri Moudraninets via FreeIPA-users wrote: > Hi All, > > > I have a werid issue with FreeIPA. I can't do anything with > certificates. I also can't upgrade FreeIPA. If I run ipa-server-update I > receive this: > Unexpected error - see /var/log/ipaupgrade.log for details: > NetworkError: cannot