A massive thank you to Jan Cholasta for handholding me while I was getting
this problem fixed. This is how we did it...
1. List all CA certificates in LDAP directory:
ldapsearch -b cn=certificates,cn=ipa,$basedn
2. Using ldapdelete (or LDAP browser), get rid of all certificates that
shouldn't
A massive thank you to Jan Cholasta for handholding me while I was getting
this problem fixed. This is how we did it...
1. List all CA certificates in LDAP directory:
ldapsearch -b cn=certificates,cn=ipa,$basedn
2. Using ldapdelete, get rid of all certificates that shouldn't be there,
in my
I've now set up a test box using exactly the same install command, SSL
certificate etc...
The /etc/ipa/ca.crt contains only 3 certificates but they are not CA
certificates that were included in the PKCS12 file:
[root@dupa temp]# for i in {1..3}; do echo cert${i}; openssl x509 -in
cert${i} -noout
Hi,
We moved our CA-less FreeIPA install into production only few days ago and
today I've noticed some problem with certificates.
This is FreeIPA 4.2 installation on Centos 7.2.
I've installed the first node with the following command:
ipa-server-install \
-U \
-r $REALM \
-n