John Tor via FreeIPA-users wrote: > Sure, > > [root@server ~]# pki securitydomain-show > WARNING: UNTRUSTED_ISSUER encountered on 'CN=ipa.example.test,O=EXAMPLE.TEST' > indicates a non-trusted CA cert 'CN=Certificate Authority,O=EXAMPLE.TEST' > Trust this certificate (y/N)? y > Domain: IPA > > [root@server ~]# curl -k > https://ipa.example.test:443/ca/rest/securityDomain/domainInfo > {"subsystemArray":[],"id":"IPA","subsystems":{}}{"subsystemArray": > > [root@server ~]# pki securitydomain-show > Domain: IPA > > Am I missing something in the FreeIPA Master?
The PKI securitydomain seems to be missing entirely. You have a CA installed, right? $ ipa server-role-find --status enabled You can look in LDAP with: $ ldapsearch -x -D 'cn=directory manager' -W -b "ou=Security Domain,o=ipaca" I'm guessing you'll get something back but no entries like dn=<hostname> in cn=CAList,ou=Security Domain,o=ipaca rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
