[Freeipa-users] Problem with Sync. IPA and Active directory using an external CA server with key size of 4096

Alexander Bokovoy abokovoy at redhat.com
Tue Feb 16 08:36:49 UTC 2016


On Tue, 16 Feb 2016, Mitra Dehghan wrote:
>Hello,
>I want to Sync IPA and Active directory servers:
>1- I'm using an external root CA server which uses key size of 4096
>2- Both IPA and Active directory, use the same CA server as external root
>CA.
>3- Using default configuration, the handshake process for establishing SSL
>connection between servers (IPA and active directory) fails during
>certificate-based authentication. As a result password Sync. fails after
>user synchronization is done.
>
>I guess the problem is key size and I was wondering if any special changes
>are required in the CA instance configured by IPA or if the job is possible
>at all.
>
>Note: Things go well when I use internal CA servers both for active
>directory and IPA server.
Can you give a bit more detail about your environment? We fixed a bug
in NSS some time ago related to this issue.
https://rhn.redhat.com/errata/RHBA-2015-2121.html

What is your distribution? nss package version? IPA version? 389-ds-base
version?

-- 
/ Alexander Bokovoy



