[Freeipa-users] IPA certificates expired, please help!
Linov Suresh
linov.suresh at gmail.com
Tue Jul 19 13:27:08 UTC 2016
We have cloned and created another virtual server from the template.
Surprisingly this server certificates were also expired at the same time as
the previous, just lasted for a day.
This issue has something to do with the kerberos tickets?
I new to IPA and your help is highly appreciated.
On Mon, Jul 18, 2016 at 12:37 PM, Linov Suresh <linov.suresh at gmail.com>
wrote:
> *Update: my webserver and LDAP certificates were expired at 2016-07-18
> 15:54:36 UTC and the certificates are in CA_UNREACHABLE state.*
>
>
> *Could you please help us? *
>
> [root at caer tmp]# getcert list
> Number of certificates and requests being tracked: 8.
> Request ID '20111214223243':
> status: CA_UNREACHABLE
> ca-error: Server failed request, will retry: -504 (libcurl failed
> to execute the HTTP POST transaction. Peer certificate cannot be
> authenticated with known CA certificates).
> stuck: yes
> key pair storage:
> type=NSSDB,location='/etc/dirsrv/slapd-TELOIP-NET',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/dirsrv/slapd-TELOIP-NET//pwdfile.txt'
> certificate:
> type=NSSDB,location='/etc/dirsrv/slapd-TELOIP-NET',nickname='Server-Cert',token='NSS
> Certificate DB'
> CA: IPA
> issuer: CN=Certificate Authority,O=TELOIP.NET
> subject: CN=caer.teloip.net,O=TELOIP.NET
> * expires: 2016-07-18 15:54:36 UTC*
> eku: id-kp-serverAuth
> pre-save command:
> post-save command:
> track: yes
> auto-renew: yes
> Request ID '20111214223300':
> status: CA_UNREACHABLE
> ca-error: Server failed request, will retry: -504 (libcurl failed
> to execute the HTTP POST transaction. Peer certificate cannot be
> authenticated with known CA certificates).
> stuck: yes
> key pair storage:
> type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA//pwdfile.txt'
> certificate:
> type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
> Certificate DB'
> CA: IPA
> issuer: CN=Certificate Authority,O=TELOIP.NET
> subject: CN=caer.teloip.net,O=TELOIP.NET
> * expires: 2016-07-18 15:54:52 UTC*
> eku: id-kp-serverAuth
> pre-save command:
> post-save command:
> track: yes
> auto-renew: yes
> Request ID '20111214223316':
> status: CA_UNREACHABLE
> ca-error: Server failed request, will retry: -504 (libcurl failed
> to execute the HTTP POST transaction. Peer certificate cannot be
> authenticated with known CA certificates).
> stuck: yes
> key pair storage:
> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> certificate:
> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> Certificate DB'
> CA: IPA
> issuer: CN=Certificate Authority,O=TELOIP.NET
> subject: CN=caer.teloip.net,O=TELOIP.NET
> *expires: 2016-07-18 15:55:04 UTC*
> eku: id-kp-serverAuth
> pre-save command:
> post-save command:
> track: yes
> auto-renew: yes
> Request ID '20130519130741':
> status: MONITORING
> ca-error: Internal error: no response to "
> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=61&renewal=true&xml=true
> ".
> stuck: no
> key pair storage:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert
> cert-pki-ca',token='NSS Certificate DB',pin='297100916664'
> certificate:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert
> cert-pki-ca',token='NSS Certificate DB'
> CA: dogtag-ipa-renew-agent
> issuer: CN=Certificate Authority,O=TELOIP.NET
> subject: CN=CA Audit,O=TELOIP.NET
> expires: 2017-10-13 14:10:49 UTC
> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
> "auditSigningCert cert-pki-ca"
> track: yes
> auto-renew: yes
> Request ID '20130519130742':
> status: MONITORING
> ca-error: Internal error: no response to "
> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=60&renewal=true&xml=true
> ".
> stuck: no
> key pair storage:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert
> cert-pki-ca',token='NSS Certificate DB',pin='297100916664'
> certificate:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert
> cert-pki-ca',token='NSS Certificate DB'
> CA: dogtag-ipa-renew-agent
> issuer: CN=Certificate Authority,O=TELOIP.NET
> subject: CN=OCSP Subsystem,O=TELOIP.NET
> expires: 2017-10-13 14:09:49 UTC
> eku: id-kp-OCSPSigning
> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
> "ocspSigningCert cert-pki-ca"
> track: yes
> auto-renew: yes
> Request ID '20130519130743':
> status: MONITORING
> ca-error: Internal error: no response to "
> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=62&renewal=true&xml=true
> ".
> stuck: no
> key pair storage:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert
> cert-pki-ca',token='NSS Certificate DB',pin='297100916664'
> certificate:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert
> cert-pki-ca',token='NSS Certificate DB'
> CA: dogtag-ipa-renew-agent
> issuer: CN=Certificate Authority,O=TELOIP.NET
> subject: CN=CA Subsystem,O=TELOIP.NET
> expires: 2017-10-13 14:09:49 UTC
> eku: id-kp-serverAuth,id-kp-clientAuth
> pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
> post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
> "subsystemCert cert-pki-ca"
> track: yes
> auto-renew: yes
> Request ID '20130519130744':
> status: MONITORING
> ca-error: Internal error: no response to "
> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=64&renewal=true&xml=true
> ".
> stuck: no
> key pair storage:
> type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
> Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
> certificate:
> type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
> Certificate DB'
> CA: dogtag-ipa-renew-agent
> issuer: CN=Certificate Authority,O=TELOIP.NET
> subject: CN=RA Subsystem,O=TELOIP.NET
> expires: 2017-10-13 14:09:49 UTC
> eku: id-kp-serverAuth,id-kp-clientAuth
> pre-save command:
> post-save command: /usr/lib64/ipa/certmonger/restart_httpd
> track: yes
> auto-renew: yes
> Request ID '20130519130745':
> status: MONITORING
> ca-error: Internal error: no response to "
> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=63&renewal=true&xml=true
> ".
> stuck: no
> key pair storage:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert
> cert-pki-ca',token='NSS Certificate DB',pin='297100916664'
> certificate:
> type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert
> cert-pki-ca',token='NSS Certificate DB'
> CA: dogtag-ipa-renew-agent
> issuer: CN=Certificate Authority,O=TELOIP.NET
> subject: CN=caer.teloip.net,O=TELOIP.NET
> expires: 2017-10-13 14:09:49 UTC
> eku: id-kp-serverAuth,id-kp-clientAuth
> pre-save command:
> post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv "
> TELOIP.NET"
> track: yes
> auto-renew: yes
>
> On Mon, Jul 18, 2016 at 12:00 PM, Linov Suresh <linov.suresh at gmail.com>
> wrote:
>
>> Yes, PKI is running and I don't see any errors in selftests, I have
>> followed https://access.redhat.com/solutions/643753 and restarted the
>> PKI in step 10.
>>
>> The only change which I made was clean up userCertificate;binary before
>> adding new userCertificate in LDAP, which is step 12.
>>
>> [root at caer ~]# /etc/init.d/pki-cad status
>> pki-ca (pid 8634) is running... [ OK ]
>> Unsecure Port = http://caer.teloip.net:9180/ca/ee/ca
>> Secure Agent Port = https://caer.teloip.net:9443/ca/agent/ca
>> Secure EE Port = https://caer.teloip.net:9444/ca/ee/ca
>> Secure Admin Port = https://caer.teloip.net:9445/ca/services
>> EE Client Auth Port = https://caer.teloip.net:9446/ca/eeca/ca
>> PKI Console Port = pkiconsole https://caer.teloip.net:9445/ca
>> Tomcat Port = 9701 (for shutdown)
>>
>> PKI Instance Name: pki-ca
>>
>> PKI Subsystem Type: Root CA (Security Domain)
>>
>> Registered PKI Security Domain Information:
>>
>> ==========================================================================
>> Name: IPA
>> URL: https://caer.teloip.net:9445
>>
>> ==========================================================================
>> [root at caer ~]#
>> [root at caer ~]# tail -f /var/log/pki-ca/selftests.log
>> 8634.main - [18/Jul/2016:11:46:20 EDT] [20] [1] SelfTestSubsystem:
>> loading all self test plugin logger parameters
>> 8634.main - [18/Jul/2016:11:46:20 EDT] [20] [1] SelfTestSubsystem:
>> loading all self test plugin instances
>> 8634.main - [18/Jul/2016:11:46:20 EDT] [20] [1] SelfTestSubsystem:
>> loading all self test plugin instance parameters
>> 8634.main - [18/Jul/2016:11:46:20 EDT] [20] [1] SelfTestSubsystem:
>> loading self test plugins in on-demand order
>> 8634.main - [18/Jul/2016:11:46:20 EDT] [20] [1] SelfTestSubsystem:
>> loading self test plugins in startup order
>> 8634.main - [18/Jul/2016:11:46:20 EDT] [20] [1] SelfTestSubsystem: Self
>> test plugins have been successfully loaded!
>> 8634.main - [18/Jul/2016:11:46:21 EDT] [20] [1] SelfTestSubsystem:
>> Running self test plugins specified to be executed at startup:
>> 8634.main - [18/Jul/2016:11:46:21 EDT] [20] [1] CAPresence: CA is present
>> 8634.main - [18/Jul/2016:11:46:21 EDT] [20] [1] SystemCertsVerification:
>> system certs verification success
>> 8634.main - [18/Jul/2016:11:46:21 EDT] [20] [1] SelfTestSubsystem: All
>> CRITICAL self test plugins ran SUCCESSFULLY at startup!
>>
>> Your help is highly appreciated!
>>
>>
>> Linov Suresh
>>
>> 70 Forest Manor Rd.
>> Toronto
>> ON M2J 0A9
>> Mobile: +1 647 406 9438
>> Linkedin: ca.linkedin.com/in/linov/
>> Website: http://mylinuxthoughts.blogspot.com
>>
>>
>> On Mon, Jul 18, 2016 at 10:50 AM, Petr Vobornik <pvoborni at redhat.com>
>> wrote:
>>
>>> On 07/18/2016 05:45 AM, Linov Suresh wrote:
>>> > Thanks for the update Rob. I went back to Jan 20, 2016, restarted CA
>>> and
>>> > certmonger. Look like certificates were renewed. But I'm getting a
>>> different
>>> > error now,
>>> >
>>> > *ca-error: Internal error: no response to
>>> > "
>>> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=62&renewal=true&xml=true
>>> ".*
>>>
>>> Is PKI running? When you change the time, does restart of IPA help?
>>>
>>> >
>>> > [root at caer ~]# getcert list
>>> > Number of certificates and requests being tracked: 8.
>>> > Request ID '20111214223243':
>>> > status: MONITORING
>>> > stuck: no
>>> > key pair storage:
>>> >
>>> type=NSSDB,location='/etc/dirsrv/slapd-TELOIP-NET',nickname='Server-Cert',token='NSS
>>> > Certificate DB',pinfile='/etc/dirsrv/slapd-TELOIP-NET//pwdfile.txt'
>>> > certificate:
>>> >
>>> type=NSSDB,location='/etc/dirsrv/slapd-TELOIP-NET',nickname='Server-Cert',token='NSS
>>> > Certificate DB'
>>> > CA: IPA
>>> > issuer: CN=Certificate Authority,O=TELOIP.NET <
>>> http://TELOIP.NET>
>>> > subject: CN=caer.teloip.net <http://caer.teloip.net>,O=
>>> TELOIP.NET
>>> > <http://TELOIP.NET>
>>> > expires: 2016-07-18 15:54:36 UTC
>>> > eku: id-kp-serverAuth
>>> > pre-save command:
>>> > post-save command:
>>> > track: yes
>>> > auto-renew: yes
>>> > Request ID '20111214223300':
>>> > status: MONITORING
>>> > stuck: no
>>> > key pair storage:
>>> >
>>> type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
>>> Certificate
>>> > DB',pinfile='/etc/dirsrv/slapd-PKI-IPA//pwdfile.txt'
>>> > certificate:
>>> >
>>> type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
>>> Certificate
>>> > DB'
>>> > CA: IPA
>>> > issuer: CN=Certificate Authority,O=TELOIP.NET <
>>> http://TELOIP.NET>
>>> > subject: CN=caer.teloip.net <http://caer.teloip.net>,O=
>>> TELOIP.NET
>>> > <http://TELOIP.NET>
>>> > expires: 2016-07-18 15:54:52 UTC
>>> > eku: id-kp-serverAuth
>>> > pre-save command:
>>> > post-save command:
>>> > track: yes
>>> > auto-renew: yes
>>> > Request ID '20111214223316':
>>> > status: MONITORING
>>> > stuck: no
>>> > key pair storage:
>>> >
>>> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>>> > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>>> > certificate:
>>> >
>>> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>>> > Certificate DB'
>>> > CA: IPA
>>> > issuer: CN=Certificate Authority,O=TELOIP.NET <
>>> http://TELOIP.NET>
>>> > subject: CN=caer.teloip.net <http://caer.teloip.net>,O=
>>> TELOIP.NET
>>> > <http://TELOIP.NET>
>>> > expires: 2016-07-18 15:55:04 UTC
>>> > eku: id-kp-serverAuth
>>> > pre-save command:
>>> > post-save command:
>>> > track: yes
>>> > auto-renew: yes
>>> > Request ID '20130519130741':
>>> > status: MONITORING
>>> > ca-error: Internal error: no response to
>>> > "
>>> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=61&renewal=true&xml=true
>>> ".
>>> > stuck: no
>>> > key pair storage:
>>> > type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert
>>> > cert-pki-ca',token='NSS Certificate DB',pin='297100916664'
>>> > certificate:
>>> > type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert
>>> > cert-pki-ca',token='NSS Certificate DB'
>>> > CA: dogtag-ipa-renew-agent
>>> > issuer: CN=Certificate Authority,O=TELOIP.NET <
>>> http://TELOIP.NET>
>>> > subject: CN=CA Audit,O=TELOIP.NET <http://TELOIP.NET>
>>> > expires: 2017-10-13 14:10:49 UTC
>>> > pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>> > post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>>> > "auditSigningCert cert-pki-ca"
>>> > track: yes
>>> > auto-renew: yes
>>> > Request ID '20130519130742':
>>> > status: MONITORING
>>> > ca-error: Internal error: no response to
>>> > "
>>> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=60&renewal=true&xml=true
>>> ".
>>> > stuck: no
>>> > key pair storage:
>>> > type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert
>>> > cert-pki-ca',token='NSS Certificate DB',pin='297100916664'
>>> > certificate:
>>> > type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert
>>> > cert-pki-ca',token='NSS Certificate DB'
>>> > CA: dogtag-ipa-renew-agent
>>> > issuer: CN=Certificate Authority,O=TELOIP.NET <
>>> http://TELOIP.NET>
>>> > subject: CN=OCSP Subsystem,O=TELOIP.NET <http://TELOIP.NET>
>>> > expires: 2017-10-13 14:09:49 UTC
>>> > eku: id-kp-OCSPSigning
>>> > pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>> > post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>>> > "ocspSigningCert cert-pki-ca"
>>> > track: yes
>>> > auto-renew: yes
>>> > Request ID '20130519130743':
>>> > status: MONITORING
>>> > ca-error: Internal error: no response to
>>> > "
>>> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=62&renewal=true&xml=true
>>> ".
>>> > stuck: no
>>> > key pair storage:
>>> > type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert
>>> > cert-pki-ca',token='NSS Certificate DB',pin='297100916664'
>>> > certificate:
>>> > type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert
>>> > cert-pki-ca',token='NSS Certificate DB'
>>> > CA: dogtag-ipa-renew-agent
>>> > issuer: CN=Certificate Authority,O=TELOIP.NET <
>>> http://TELOIP.NET>
>>> > subject: CN=CA Subsystem,O=TELOIP.NET <http://TELOIP.NET>
>>> > expires: 2017-10-13 14:09:49 UTC
>>> > eku: id-kp-serverAuth,id-kp-clientAuth
>>> > pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
>>> > post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
>>> > "subsystemCert cert-pki-ca"
>>> > track: yes
>>> > auto-renew: yes
>>> > Request ID '20130519130744':
>>> > status: MONITORING
>>> > ca-error: Internal error: no response to
>>> > "
>>> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=64&renewal=true&xml=true
>>> ".
>>> > stuck: no
>>> > key pair storage:
>>> > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
>>> Certificate
>>> > DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>>> > certificate:
>>> > type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
>>> Certificate DB'
>>> > CA: dogtag-ipa-renew-agent
>>> > issuer: CN=Certificate Authority,O=TELOIP.NET <
>>> http://TELOIP.NET>
>>> > subject: CN=RA Subsystem,O=TELOIP.NET <http://TELOIP.NET>
>>> > expires: 2017-10-13 14:09:49 UTC
>>> > eku: id-kp-serverAuth,id-kp-clientAuth
>>> > pre-save command:
>>> > post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>>> > track: yes
>>> > auto-renew: yes
>>> > Request ID '20130519130745':
>>> > status: MONITORING
>>> > ca-error: Internal error: no response to
>>> > "
>>> http://caer.teloip.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=63&renewal=true&xml=true
>>> ".
>>> > stuck: no
>>> > key pair storage:
>>> > type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert
>>> > cert-pki-ca',token='NSS Certificate DB',pin='297100916664'
>>> > certificate:
>>> > type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert
>>> > cert-pki-ca',token='NSS Certificate DB'
>>> > CA: dogtag-ipa-renew-agent
>>> > issuer: CN=Certificate Authority,O=TELOIP.NET <
>>> http://TELOIP.NET>
>>> > subject: CN=caer.teloip.net <http://caer.teloip.net>,O=
>>> TELOIP.NET
>>> > <http://TELOIP.NET>
>>> > expires: 2017-10-13 14:09:49 UTC
>>> > eku: id-kp-serverAuth,id-kp-clientAuth
>>> > pre-save command:
>>> > post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv "
>>> TELOIP.NET
>>> > <http://TELOIP.NET>"
>>> > track: yes
>>> > auto-renew: yes
>>> > [root at caer ~]#
>>> >
>>> > Your help is highly appreciated!
>>> >
>>> >
>>> >
>>> > On Fri, Jul 15, 2016 at 5:08 PM, Rob Crittenden <rcritten at redhat.com
>>> > <mailto:rcritten at redhat.com>> wrote:
>>> >
>>> > Linov Suresh wrote:
>>> >
>>> > I logged into my IPA master, and found that the cert had
>>> expired again,
>>> > we renewed these certificates about 18 months ago.
>>> >
>>> > Our environment is CentOS 6.4 and IPA 3.0.0-26.
>>> >
>>> >
>>> > I followed the Redhat documentation,How do I manually renew
>>> Identity
>>> > Management (IPA) certificates after they have expired?
>>> (Master IPA
>>> > Server), https://access.redhat.com/solutions/643753 but no
>>> luck.
>>> >
>>> >
>>> > I have also changed the directive "NSSEnforceValidCerts off" in
>>> > /etc/httpd/conf.d/nss.conf and the value of
>>> nsslapd-validate-cert is warn.
>>> >
>>> > ldapsearch -x -h localhost -p 7389 -D 'cn=directory manager'
>>> -w *******
>>> > -b cn=config | grep nsslapd-validate-cert
>>> >
>>> > nsslapd-validate-cert: warn
>>> >
>>> > Here is my getcert list,
>>> >
>>> > [root at caer ~]# getcert list
>>> >
>>> >
>>> > It looks like your CA subsystem certificates all renewed
>>> successfully it is
>>> > just the webserver and LDAP certificates that need renewing so
>>> that's good.
>>> >
>>> > What I'd do is go back in time again to say Jan 20, 2016 and
>>> restart
>>> > certmonger. That should make it retry the renewals.
>>> >
>>> > rob
>>> >
>>> >
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Petr Vobornik
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160719/dd490627/attachment.htm>
More information about the Freeipa-users
mailing list