[Freeipa-users] certmonger question

Natxo Asenjo natxo.asenjo at gmail.com
Tue Nov 11 12:28:31 UTC 2014


hi Nali,
On Tue, Nov 11, 2014 at 12:57 PM, Martin Kosek <mkosek at redhat.com> wrote:

> So if the lurking double encoded certificate is in LDAP, and thus Apache DS
> shows is invalid (it shows as OK in my RHEL-7.0 server), maybe the easiest way
> to fix it would be to:
>
> - Open your Apache DS
> - Back up cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com
> - Delete the cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com entry
> - Run
>   # ipa-ldap-updater --upgrade --ldapi --quiet
>   on your 6.5+ server and the certificate entry should get regenerated (tested
> with 7.0).

when you write 6.5+ server you mean in the kdc/CA server, right? Just
checking :-)

Thanks!

--
Groeten,
natxo




More information about the Freeipa-users mailing list