the certificate is ok:
```
$ sudo curl -v --cert /var/lib/ipa/ra-agent.pem --key /var/lib/ipa/ra-agent.key
https://ipa01.example.com:8443/acme/login
....
....
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: O=EXAMPLE; CN=ipa01.example.com
* start date: Mar 16 08:01:12 2023 GMT
* expire date: Mar 5 08:01:12 2025 GMT
* subjectAltName: host "ipa01.example.com" matched cert's "ipa01.example.com"
* issuer: O=EXAMPLE; CN=IPACA01
* SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Unknown (23):
> GET /acme/login HTTP/1.1
> Host: ipa01.example.com:8443
> User-Agent: curl/7.76.1
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Unknown (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 404
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 765
< Date: Fri, 02 Aug 2024 19:29:55 GMT
<
* Connection #0 to host ipa01.example.com left intact
<!doctype html><html lang="en"><head><title>HTTP Status 404 – Not
Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;}
h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;}
.line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 404 – Not Found</h1><hr class="line" /><p><b>Type</b> Status
Report</p><p><b>Message</b> The requested resource [/acme/login] is not
available</p><p><b>Description</b> The origin server did not find a current
representation for the target resource or is not willing to disclose that one
exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.87</h3></body></html>
$ sudo getcert list -f /var/lib/ipa/ra-agent.pem
Number of certificates and requests being tracked: 12.
Request ID '20230316080240':
status: MONITORING
stuck: no
key pair storage: type=FILE,location='/var/lib/ipa/ra-agent.key'
certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=IPACA01,O=AEXAMPLE
subject: CN=IPA RA,O=EXAMPLE
issued: 2023-03-16 11:02:42 MSK
expires: 2025-03-05 11:02:42 MSK
key usage: digitalSignature,keyEncipherment,dataEncipherment
eku: id-kp-clientAuth
profile: caSubsystemCert
pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
track: yes
auto-renew: yes
```
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
