tipex tipex via FreeIPA-users wrote: > Hi Rob > > Thanks for your suggestion. I've done the following which has got me a step > closer... > > I created the following symlink: > sudo ln -s /usr/share/pki/server/conf/Catalina/localhost/rewrite.config > /etc/pki/pki-tomcat/Catalina/localhost/rewrite.config > > Then edited this file: > sudo vi /etc/pki/pki-tomcat/server.xml > > And added in this line after line 132: > <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/> > > Ran the upgrade command: > sudo ipa-server-upgrade > > Now when I run sudo ipa-acme-manage pruning --config-show I get the following > which is different to before and sounds less bad: > Certificate pruning requires random serial numbers > The ipa-acme-manage command failed. > > I did the above on both machines. Machine A is the CA master. > > The health check is still showing the same errors. Anyone got any ideas why > the health check is using the wrong hostname for machine B and how I can fix > it? I cant figure out where its getting the wrong hostname from. The only > reference I can find to wrong host names is in some old certificates which I > have revoked in the web UI. >
Its likely not the wrong hostname but an old one. I'm guessing a CA was removed and the PKI securitydomain wasn't updated for some reason. You can confirm this with: pki securitydomain-show If indeed that old host shows up you can remove it using https://rcritten.wordpress.com/2023/04/28/dogtag-pki-security-domain-management/ rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
