[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-11 Thread SOLER SANGUESA Miguel via FreeIPA-users
CT,C,C >> ICC-root C,, <--- >> root certificate of CN=masterGOOD.ipa.testad.local (added by me) >> ICC-InterC,,<--- CA >> added of CN=masterGOOD.ipa.testad.lo

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-11 Thread Florence Blanc-Renaud via FreeIPA-users
enden Cc: SOLER SANGUESA Miguel Subject: Re: [Freeipa-users] Re: Testing requested - certificate checking tool On 1/9/19 4:21 PM, SOLER SANGUESA Miguel via FreeIPA-users wrote: Hello, Now it works and it shows the real problem I have. I have 2 master, I have changed the HTTP certificate on both (using

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-11 Thread SOLER SANGUESA Miguel via FreeIPA-users
; masterWRONG (make a backup first of the files on masterWRONG). This should > solve the 'ipa cert-show' issue on masterWRONG. > >> [root@masterWRONG ~]# openssl x509 -in /var/lib/ipa/ra-agent.pem -text >> -noout | egrep "Serial|Not" >> Serial Number: 7 (0x7) >>

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-10 Thread Florence Blanc-Renaud via FreeIPA-users
tenden Sent: Thursday, January 03, 2019 21:22 To: FreeIPA users list Cc: SOLER SANGUESA Miguel Subject: Re: [Freeipa-users] Re: Testing requested - certificate checking tool Rob Crittenden via FreeIPA-users wrote: SOLER SANGUESA Miguel via FreeIPA-users wrote: Hello, I have run the too

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-10 Thread SOLER SANGUESA Miguel via FreeIPA-users
Certificate operation cannot be completed: EXCEPTION > (Invalid Credential.) > > I have added a RHEL 7 client to the domain, but I can not add RHEL 6 > clients. The CA master was masterWRONG and I have changed to > masterGOOD with the procedure explained on > https://www.free

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-10 Thread Florence Blanc-Renaud via FreeIPA-users
at happening because I changed the auto-signed HTTP certificate to a 3rd party certificate? Thanks & Regards. -Original Message- From: Rob Crittenden Sent: Thursday, January 03, 2019 21:22 To: FreeIPA users list Cc: SOLER SANGUESA Miguel Subject: Re: [Freeipa-users] Re: Testing req

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-03 Thread Rob Crittenden via FreeIPA-users
Rob Crittenden via FreeIPA-users wrote: > SOLER SANGUESA Miguel via FreeIPA-users wrote: >> Hello, >> >>   >> >> I have run the tool on an environment where I’ve installed my own >> certificate for HTTPS (following this tutorial: >>

[Freeipa-users] Re: Testing requested - certificate checking tool

2019-01-03 Thread Rob Crittenden via FreeIPA-users
SOLER SANGUESA Miguel via FreeIPA-users wrote: > Hello, > >   > > I have run the tool on an environment where I’ve installed my own > certificate for HTTPS (following this tutorial: > https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP), > and it complains when find the root

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-12-27 Thread SOLER SANGUESA Miguel via FreeIPA-users
Hello, I have run the tool on an environment where I've installed my own certificate for HTTPS (following this tutorial: https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP), and it complains when find the root certificate of my certificate: # python2 ipa-checkcerts.py ipa:

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-11-07 Thread Fraser Tweedale via FreeIPA-users
On Wed, Nov 07, 2018 at 01:04:05PM -0500, Rob Crittenden via FreeIPA-users wrote: > William Muriithi via FreeIPA-users wrote: > > Morning Rob > >>> What's the process for either removing or making it known? > >> > >> I'll add something to the program about this too but for now you can run: > >> >

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-11-07 Thread Rob Crittenden via FreeIPA-users
William Muriithi via FreeIPA-users wrote: > Morning Rob >>> What's the process for either removing or making it known? >> >> I'll add something to the program about this too but for now you can run: >> >> # getcert list -i 20170919231606 >> >> That will tell us what it is. It is perfectly fine to

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-11-05 Thread William Muriithi via FreeIPA-users
Morning Rob > > What's the process for either removing or making it known? > > I'll add something to the program about this too but for now you can run: > > # getcert list -i 20170919231606 > > That will tell us what it is. It is perfectly fine to have certmonger > track other certs on the system.

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-30 Thread Rob Crittenden via FreeIPA-users
Zarko D via FreeIPA-users wrote: > Hi Rob, it won't work on 4.4.0 for now. > > # python2 /tmp/checkcerts/ipa-checkcerts.py > Traceback (most recent call last): > File "/tmp/checkcerts/ipa-checkcerts.py", line 21, in > from ipalib.install import certstore > ImportError: No module named

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-29 Thread Zarko D via FreeIPA-users
Hi Rob, it won't work on 4.4.0 for now. # python2 /tmp/checkcerts/ipa-checkcerts.py Traceback (most recent call last): File "/tmp/checkcerts/ipa-checkcerts.py", line 21, in from ipalib.install import certstore ImportError: No module named install I guess it's not appropriate to use this

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-29 Thread Rob Crittenden via FreeIPA-users
Z D via FreeIPA-users wrote: > Rob, I'd love to test your tool, as part of working on my problem > "ipa.service fails to start", but I still run 4.4.0-12.0.1.el7.x86_64, hence > do you think this is the obstacle? I haven't tried it. It won't hurt anything to try though. > Again, as part of

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-29 Thread Z D via FreeIPA-users
Rob, I'd love to test your tool, as part of working on my problem "ipa.service fails to start", but I still run 4.4.0-12.0.1.el7.x86_64, hence do you think this is the obstacle? Again, as part of "ipa.service fails to start" work, I was hoping to add new IPA server 4.5.4, but

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-26 Thread Rob Crittenden via FreeIPA-users
Louis Lagendijk via FreeIPA-users wrote: > On Mon, 2018-10-22 at 12:07 -0400, Rob Crittenden via FreeIPA-users > wrote: >> Gah, regarding >> >> Missing tracking for {'cert-nickname': 'Server-Cert', 'ca-name': >> 'IPA', >> 'cert-database': '/etc/httpd/alias', 'cert-postsave-command': >>

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-26 Thread Louis Lagendijk via FreeIPA-users
Hi Rob, Here are the answer to your questions. On Mon, 2018-10-22 at 12:01 -0400, Rob Crittenden via FreeIPA-users wrote: > Let's tackle these one at a time. > > Missing tracking for {'cert-nickname': 'Server-Cert', 'ca-name': > 'IPA', > 'cert-database': '/etc/httpd/alias',

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-26 Thread Louis Lagendijk via FreeIPA-users
On Mon, 2018-10-22 at 12:07 -0400, Rob Crittenden via FreeIPA-users wrote: > Gah, regarding > > Missing tracking for {'cert-nickname': 'Server-Cert', 'ca-name': > 'IPA', > 'cert-database': '/etc/httpd/alias', 'cert-postsave-command': > '/usr/libexec/ipa/certmonger/restart_httpd'} > > never mind.

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-22 Thread Rob Crittenden via FreeIPA-users
Gah, regarding Missing tracking for {'cert-nickname': 'Server-Cert', 'ca-name': 'IPA', 'cert-database': '/etc/httpd/alias', 'cert-postsave-command': '/usr/libexec/ipa/certmonger/restart_httpd'} never mind. The cert is in the verbose output you sent! It is fine and issued by IPA. So this looks

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-22 Thread Rob Crittenden via FreeIPA-users
Let's tackle these one at a time. Missing tracking for {'cert-nickname': 'Server-Cert', 'ca-name': 'IPA', 'cert-database': '/etc/httpd/alias', 'cert-postsave-command': '/usr/libexec/ipa/certmonger/restart_httpd'} Did you provide your own certificate for the web server (e.g. like from Let's

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-19 Thread Rob Crittenden via FreeIPA-users
Louis Lagendijk via FreeIPA-users wrote: > On Thu, 2018-10-04 at 09:21 -0400, Rob Crittenden via FreeIPA-users > wrote: >> As part of a larger IPA "health" checker and driven largely by >> necessity >> I have the beginning of a certificate checking tool available at >>

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-19 Thread Louis Lagendijk via FreeIPA-users
On Thu, 2018-10-04 at 09:21 -0400, Rob Crittenden via FreeIPA-users wrote: > As part of a larger IPA "health" checker and driven largely by > necessity > I have the beginning of a certificate checking tool available at > https://github.com/rcritten/checkcerts > > It works for me in IPA 4.5.4, IPA

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-04 Thread Rob Crittenden via FreeIPA-users
Lachlan Musicman via FreeIPA-users wrote: > On Thu, 4 Oct 2018 at 23:22, Rob Crittenden via FreeIPA-users > > wrote: > > As part of a larger IPA "health" checker and driven largely by necessity > I have the beginning of a certificate checking

[Freeipa-users] Re: Testing requested - certificate checking tool

2018-10-04 Thread Lachlan Musicman via FreeIPA-users
On Thu, 4 Oct 2018 at 23:22, Rob Crittenden via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > As part of a larger IPA "health" checker and driven largely by necessity > I have the beginning of a certificate checking tool available at > https://github.com/rcritten/checkcerts > >