> I'm asking you to compare because it's unexpected to see a subject
> CN=localhost for the IPA CA. Someone has probably messed up with some
> commands and replaced the original IPA CA with a wrong one in the
> /etc/pki/pki-tomcat/alias database. If that's the case, we can put the
> right CA back with certutil commands but we need to be sure what to put
> there.
Good call—they are completely different:
/etc/ipa/ca.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O = SIMPLYWS.COM, CN = Certificate Authority
        Validity
            Not Before: Nov 14 21:09:26 2020 GMT
            Not After : Nov 14 21:09:26 2040 GMT
        Subject: O = <domain>, CN = Certificate Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
and the one in the pki-tomcat/alias db is:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15 (0xf)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O = SIMPLYWS.COM, CN = Certificate Authority
        Validity
            Not Before: Nov 21 21:11:50 2020 GMT
            Not After : Nov 11 21:11:50 2022 GMT
        Subject: CN = localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
How do we replace that one?