[Freeipa-users] CA-less install - problem with CA certificates - PLEASE HELP!
Peter Pakos
peter at pakos.uk
Fri Jul 22 12:22:50 UTC 2016
A massive thank you to Jan Cholasta for handholding me while I was getting
this problem fixed. This is how we did it...
1. List all CA certificates in the LDAP directory:
ldapsearch -b cn=certificates,cn=ipa,$basedn
2. Using ldapdelete, get rid of all certificates that shouldn't be there;
in my case there were 2, called "CA 1" and "CA 2"
3. List all certificates in the following databases ($db):
- /etc/httpd/alias/
- /etc/dirsrv/slapd-IPA-YOUR-REALM/
- /etc/pki/nssdb/
- /etc/ipa/nssdb/
certutil -L -d $db
4. Delete incorrect certificates from the above databases:
--
Kind regards,
Peter Pakos
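
An added example, not part of the original message: a read-only check to go with step 3. It parses `certutil -L` output and reports nicknames that carry CA trust flags but are not on an expected list. The function names, the sample listing and the expected nickname are constructed for illustration.

```sh
#!/bin/sh
# Turn `certutil -L` output (stdin) into "nickname<TAB>trustflags" lines.
# Nicknames may contain spaces; the trust flags are always the last column.
parse_certutil_list() {
    awk 'NF > 1 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
        flags = $NF
        nick = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the flags column
        sub(/^[ \t]+/, "", nick)
        printf "%s\t%s\n", nick, flags
    }'
}

# Print nicknames that carry CA trust (c, C or T in any field) and are not in
# the newline-separated list of expected nicknames passed as $1.
unexpected_cas() {
    expected=$1
    parse_certutil_list | while IFS="$(printf '\t')" read -r nick flags; do
        case $flags in
            *[cCT]*) ;;
            *) continue ;;      # not a CA entry (e.g. u,u,u server cert)
        esac
        printf '%s\n' "$expected" | grep -Fxq -- "$nick" || printf '%s\n' "$nick"
    done
}

# Run the check over several NSS databases, prefixing each hit with its path.
# Usage on an IPA host (paths as listed in step 3 above):
#   audit_nss_dbs "$EXPECTED_CAS" /etc/httpd/alias /etc/pki/nssdb /etc/ipa/nssdb
audit_nss_dbs() {
    want=$1; shift
    for db in "$@"; do
        certutil -L -d "$db" | unexpected_cas "$want" |
            while IFS= read -r n; do printf '%s: %s\n' "$db" "$n"; done
    done
}

# Constructed sample of `certutil -L` output, so the parser can be tried offline.
SAMPLE='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u
Example Corp Root CA                                         CT,C,C
CA 1                                                         C,,
CA 2                                                         C,,
'
EXPECTED_CAS='Example Corp Root CA'   # constructed; use your real CA nickname(s)
printf '%s\n' "$SAMPLE" | unexpected_cas "$EXPECTED_CAS"
```

Running the same check again after the cleanup should print nothing for any of the databases.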