[Freeipa-users] certmonger question
Martin Kosek
mkosek at redhat.com
Tue Nov 11 13:13:49 UTC 2014
On 11/11/2014 01:28 PM, Natxo Asenjo wrote:
> hi Nali,
> On Tue, Nov 11, 2014 at 12:57 PM, Martin Kosek <mkosek at redhat.com> wrote:
>
>> So if the lurking double encoded certificate is in LDAP, and thus Apache DS
>> shows is invalid (it shows as OK in my RHEL-7.0 server), maybe the easiest way
>> to fix it would be to:
>>
>> - Open your Apache DS
>> - Back up cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com
>> - Delete the cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com entry
>> - Run
>> # ipa-ldap-updater --upgrade --ldapi --quiet
>> on your 6.5+ server and the certificate entry should get regenerated (tested
>> with 7.0).
>
> when you write 6.5+ server you mean in the kdc/CA server, right? Just
> checking :-)
>
> Thanks!
>
> --
> Groeten,
> natxo
>
I meant IPA server running on RHEL/CentOS 6.5 or older... This is the one that
can regenerate CAcert entry without double encoding.
Martin
More information about the Freeipa-users
mailing list