Hi, Did you check the permissions of the ra-agent certificate files?
# ls -lZ /var/lib/ipa/ra-agent.* -r--r-----. 1 root ipaapi system_u:object_r:ipa_var_lib_t:s0 1704 May 31 2022 /var/lib/ipa/ra-agent.key -r--r-----. 1 root ipaapi system_u:object_r:ipa_var_lib_t:s0 1395 May 31 2022 /var/lib/ipa/ra-agent.pem The files must be readable by IPA framework. flo On Wed, Dec 14, 2022 at 12:10 PM junhou he via FreeIPA-users < [email protected]> wrote: > Hi , > I checked again and it matches > ldapsearch -x -o ldif-wrap=no -LLL -s base -h `hostname` -p 389 -b > uid=ipara,ou=people,o=ipaca description usercertificate > dn: uid=ipara,ou=people,o=ipaca > description: 2;7;CN=Certificate Authority,O=WINGON.HK;CN=IPA RA,O= > WINGON.HK > usercertificate:: > MIID2zCCAkOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlXSU5HT04uSEsxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMjExMTYwMjMzMDJaFw0yNDExMDUwMjMzMDJaMCUxEjAQBgNVBAoMCVdJTkdPTi5ISzEPMA0GA1UEAxMGSVBBIFJBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweZk70qnab7kJNH3Equt/OM5BgDA/8jMLovrMckOEuR0i7ESdbhYs7WXIRdz24Sfj21JoNiFznX6PNt5+lNGHeIGV59YWMeNp7+6fOzON3obtdSLCmu+B+8IDxjO0FKPGfjeMFXnY5SgxylBPqZ7O80Toa6hr+NgFnloFzBZxZZYM20qmGlyPP1XE1eoNLlqKGEv7dhyt+quAfos0OYwlsiQUe1x99Yh4ACtEXUiaDNgFbMrqSNmaB0VDwFjhki/LlSeuT8cf3qhasO/1uXqLVGfk1Rp6tLgpQM7Yme82xP+7mU9qb+2rmvwZEZ7IdhYtyPHR9/tcAd+gWVGNXB4QQIDAQABo4GGMIGDMB8GA1UdIwQYMBaAFJ8ZyajgiijLxO2BwLiNp41P71lBMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL2lwYS1jYS53aW5nb24uaGsvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBLAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHNXs5jedTldgECYHyiR1dLog9MZt2LlL8CUwOV9CVV7Y6GYK7faEVqQ6asJaMt6lIbfP/5luDDP3I/IV9b0LiKN8lkVCOcQ6h5gWPni5IEc5BKeCAcrF5Val+XhnEXraSyy0Ak5sxlMlKRN0Um8vvsk2t11xYeB4edgqdU6lpr2 > > > 3p9jXVZUgdFYcEo2WG0Mf/tES8ekccdYuEUqwK+ftqn1JytbLekVl/uIB79qS5+PIjTBtm8WiC0BWtaR4M/qQPJIwczfQNj3svhtuC/PeL6yWL7j20CkPvOldvIvcyJvRfmblkWWZbjy3xRRa1o1FwjMZbN+c/DA3Fp9HWUv97h6clXb1+n6ZRhthm3R+cD7uK5wGtMzcyM/c0GhonxdCYGuBNYmGuxMv6qGFvga2K18zVi9i4zVoFz27rllTaHWAEQvsI/BSwTKkEiLjNp9XmncKiz2SbMiC0f6i6hwpbk4rmNeM1Zwvo+TTpu7iVP57pz1zMaLXPLInkbjx1A1Wg== > > cat /var/lib/ipa/ra-agent.pem > -----BEGIN CERTIFICATE----- > MIID2zCCAkOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlXSU5H > T04uSEsxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMjExMTYw > MjMzMDJaFw0yNDExMDUwMjMzMDJaMCUxEjAQBgNVBAoMCVdJTkdPTi5ISzEPMA0G > A1UEAxMGSVBBIFJBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweZk > 70qnab7kJNH3Equt/OM5BgDA/8jMLovrMckOEuR0i7ESdbhYs7WXIRdz24Sfj21J > oNiFznX6PNt5+lNGHeIGV59YWMeNp7+6fOzON3obtdSLCmu+B+8IDxjO0FKPGfje > MFXnY5SgxylBPqZ7O80Toa6hr+NgFnloFzBZxZZYM20qmGlyPP1XE1eoNLlqKGEv > 7dhyt+quAfos0OYwlsiQUe1x99Yh4ACtEXUiaDNgFbMrqSNmaB0VDwFjhki/LlSe > uT8cf3qhasO/1uXqLVGfk1Rp6tLgpQM7Yme82xP+7mU9qb+2rmvwZEZ7IdhYtyPH > R9/tcAd+gWVGNXB4QQIDAQABo4GGMIGDMB8GA1UdIwQYMBaAFJ8ZyajgiijLxO2B > wLiNp41P71lBMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL2lw > YS1jYS53aW5nb24uaGsvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBLAwEwYDVR0lBAww > CgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggGBAHNXs5jedTldgECYHyiR1dLo > g9MZt2LlL8CUwOV9CVV7Y6GYK7faEVqQ6asJaMt6lIbfP/5luDDP3I/IV9b0LiKN > 8lkVCOcQ6h5gWPni5IEc5BKeCAcrF5Val+XhnEXraSyy0Ak5sxlMlKRN0Um8vvsk > 2t11xYeB4edgqdU6lpr23p9jXVZUgdFYcEo2WG0Mf/tES8ekccdYuEUqwK+ftqn1 > JytbLekVl/uIB79qS5+PIjTBtm8WiC0BWtaR4M/qQPJIwczfQNj3svhtuC/PeL6y > WL7j20CkPvOldvIvcyJvRfmblkWWZbjy3xRRa1o1FwjMZbN+c/DA3Fp9HWUv97h6 > clXb1+n6ZRhthm3R+cD7uK5wGtMzcyM/c0GhonxdCYGuBNYmGuxMv6qGFvga2K18 > zVi9i4zVoFz27rllTaHWAEQvsI/BSwTKkEiLjNp9XmncKiz2SbMiC0f6i6hwpbk4 > rmNeM1Zwvo+TTpu7iVP57pz1zMaLXPLInkbjx1A1Wg== > -----END CERTIFICATE----- > > thanks, > junhou > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
