On 11/11/2014 01:28 PM, Natxo Asenjo wrote: > hi Nali, > On Tue, Nov 11, 2014 at 12:57 PM, Martin Kosek <[email protected]> wrote: > >> So if the lurking double encoded certificate is in LDAP, and thus Apache DS >> shows is invalid (it shows as OK in my RHEL-7.0 server), maybe the easiest >> way >> to fix it would be to: >> >> - Open your Apache DS >> - Back up cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com >> - Delete the cn=CAcert,cn=ipa,cn=etc,dc=example,dc=com entry >> - Run >> # ipa-ldap-updater --upgrade --ldapi --quiet >> on your 6.5+ server and the certificate entry should get regenerated >> (tested >> with 7.0). > > when you write 6.5+ server you mean in the kdc/CA server, right? Just > checking :-) > > Thanks! > > -- > Groeten, > natxo >
I meant IPA server running on RHEL/CentOS 6.5 or older... This is the one that can regenerate CAcert entry without double encoding. Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
