Re: [Freeipa-users] Certificate format error reported by GUI

2016-10-01 Thread Jim Richard
Hi Pavel: Yes, my httpd logs were flooded with cert errors from hosts trying to renew bogus certs. How 100 or so out of 1000 hosts ended up with certs that were not valid is unknown at this time, but using Ansible I cleaned all those up and it looks like I’m in good shape now. Here’s the

Re: [Freeipa-users] Replica created with expired certs

2016-10-01 Thread Jim Richard
Hi Rob: First I wanted to thank you for all of your valuable input/tips. As you well know, everything about certs, certmonger, dogtag and FreeIPA can get very complicated - there’s no easy answer, so many things can go wrong :) But, your answers to my questions got me thinking, gave me some

[Freeipa-users] External CA: Peer's certificate issuer has been marked as not trusted by the user

2016-10-01 Thread Matt .
Hi guys, I have successfully installed an external CA Certificate for https/LDAP but now I get this on my ipa-commands: ipa domainlevel-get ipa: ERROR: cert validation failed for "CN=*.mysubdomain.ipa.mydomain.tld,OU=PositiveSSL Wildcard,OU=Domain Control Validated"