> Right. > > You'll need to get the serial number of the two certificates: > > # openssl x509 -serial -noout -in /var/lib/ipa/ra-agent.pem > # openssl x509 -serial -noout -in /var/kerberos/krb5kdc/kdc.crt > > Then run pki-server cert-fix again specifying those serial numbers: > > # pki-server cert-fix --ldapi-socket /var/run/slapd-YOUR-REALM.socket > --agent-uid ipara --extra-cert serial#1 --extra-cert serial#2 > > Restart certmonger to see the updated certificates. > > rob
Any suggestions here: # openssl x509 -serial -noout -in /var/lib/ipa/ra-agent.pem serial=21 # openssl x509 -serial -noout -in /var/kerberos/krb5kdc/kdc.crt serial=1F # pki-server cert-fix --ldapi-socket /run/slapd-[DOMAIN].socket --agent-uid ipara --extra-cert 21 --extra-cert 1F ERROR: --extra-cert requires serial number as integer -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
