Hi, On Tue, Dec 24, 2024 at 7:56 AM Dmitry Krasov via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
> I did chmod 777 for /etc/ipa/ca.crt and html/ca.crt but got same error. > Do you have selinux in enforcing mode? What is the output of ls -lZ /etc/ipa/ca.crt ? Maybe there is some wrong path in some place? > Also I compared this cert with cert in browser here > https://ipa.dom.loc:8443/ca/agent/ca/profileReview > and they looks different. Is it fine? > Yes it's normal. /etc/ipa/ca.crt contains the Certificate Authority cert (the same as in the NSS database /etc/pki/pki-tomcat/alias/ with the alias 'caSigningCert cert-pki-ca). According to the content pasted below, this one is valid between Nov 30 05:25:14 2022 GMT and Nov 30 05:25:14 2042 GMT. The one that you can see in your browser is the server certificate for HTTP, issued by the Certificate Authority. It is valid from Nov 30 05:25:14 2022 GMT to Nov 19 05:25:14 2024 GMT. flo ------------------------------------- > /etc/ipa/ca.crt and html/ca.crt: > > -----BEGIN CERTIFICATE----- > MIIDfzCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAyMRAwDgYDVQQKDAdET00u > TE9DMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIxMTMwMDUy > NTE0WhcNNDIxMTMwMDUyNTE0WjAyMRAwDgYDVQQKDAdET00uTE9DMR4wHAYDVQQD > DBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw > ggEKAoIBAQDScx6Ah9lD3MZ9Y/FnmC2BuM1l5mbaDo6n8ke07So+J2ryG13kKWf6 > eGyaMiFf3o6bi9zTB2gDlIWDAgjsjYeVo7dz3dO+DM4o57C8OYGecySsJ3VSsYTs > utNNKxqMprOxqNB2ascwLiR6Oy2NWzOFtg0ZP4GBW1uqv26cYl0s28CcL1xU+Rnh > FsXTtn5yGdkUKPj9vBFxiQI11ILV+mp58NmIddqjjzsXzHrAJ7+v7EcVS1tlZvLA > bfgWVgaHE1GNdmL7DzkBtrIX6nwzVhbVFhKpYAAGJUPHFS9yMxgwGFejkVmyFOzG > o/cwikq699YHujpgPLej98BM6e9VIpxvAgMBAAGjgZ8wgZwwHwYDVR0jBBgwFoAU > CBaGdFi3XREanbDOr1fXZH4KKakwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E > BAMCAcYwHQYDVR0OBBYEFAgWhnRYt10RGp2wzq9X12R+CimpMDkGCCsGAQUFBwEB > BC0wKzApBggrBgEFBQcwAYYdaHR0cDovL2lwYS5kb20ubG9jOjgwL2NhL29jc3Aw > DQYJKoZIhvcNAQELBQADggEBAEDtgTehcANC+hTvgxXsV6tboYBAza6+Gvs+jQd4 > 2LfBwZNJClqTL0F2u2vUBH6m4gaUMWmPoP6bwqFJ7Yw+ZT04DlGpt0JyaVfP8zAU > FV3k9fygY9Qk6+WGyIi172uB+7GR7CIDT90cGftq3RqF5kapnbRXmT46RHNIC2gB > /Ld/fG4SPWwmSB91YPbiaRJcWdCC2QZsn7i2pikqyOfn7m9Oim8HZhd4/t1TMezD > +AJcfwCkWyqaLZPGwvdt8gf6vk7DR+FYIvmLxGbhrmS3yfuBmcJ8LgCKK5QtMXUo > FNc869oM4O6QoH87gzef9Lu9LrbWH23V7LH33G0aY1v5Jxs= > -----END CERTIFICATE----- > --------------------------------- > > ipa.dom.loc.crt from browser: > --------------------------------- > -----BEGIN CERTIFICATE----- > MIIDWjCCAkKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAyMRAwDgYDVQQKDAdET00u > TE9DMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIxMTMwMDUy > NTE0WhcNMjQxMTE5MDUyNTE0WjAoMRAwDgYDVQQKDAdET00uTE9DMRQwEgYDVQQD > DAtpcGEuZG9tLmxvYzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+g > HAHNMXIjF022FYZwJUUL2qVL3PoW/hewj99Gms6HwPusVSzgOwG70deGRMvXGyfQ > XUvzkuVKQbQ8zdsm6/WQMyGPyBf7XGMtjbvGRApvP6EpuUGspExD1s6dlZu+B/Ey > Bpdxn8foipn5us8LLohBGhDODWo/AycorZL/UXAU9FbrIweJGCSiKYSKTlb5ZsP+ > Ac7DHrr/siphqb3R6Qu9K2smDVEWWdEH44LID0jAMdPX5CfWPYxmG8YDG8MKV6bD > qajm4Jt0Rt4/fCdupPKmlHBGzej9IQL0hzMzhx1k2aDaCwkWsbZlg+LiEgmrugP0 > HM77f0TolUjHDv8ZJi0CAwEAAaOBhDCBgTAfBgNVHSMEGDAWgBQIFoZ0WLddERqd > sM6vV9dkfgopqTA5BggrBgEFBQcBAQQtMCswKQYIKwYBBQUHMAGGHWh0dHA6Ly9p > cGEuZG9tLmxvYzo4MC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DATBgNVHSUEDDAK > BggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAT9wXrumBSXL3PCh8YKTWRO7q > H1xmi24K7zckLKZNJyLtBmLA1pG9pOw3ZNuknj1dmmhxgW1laGSD86EbdymOl2jk > jU/WYmXXVNGjEFnFpMfaPtdY1/S4M6anrjPwG0SJaGO+0Avf7+odr9wMbL/IUY+t > u2sF9+sj4M0Mq6cxZyCfaANC83Q4exiIvQ34OQdD2mH77r3eKis9KPsf44GTojSt > WxSZeeZr2Isq/N95qN4/vA+cXjPEAi65YS4TJvXujVmN/KmawNnv3WNLVSAx638r > RxUhZ7pJ5K+ixymk6KhBBm5PRmgqkEdfPlyzt9ksaJ7wTNpVOU3js53yTqarVQ== > -----END CERTIFICATE----- > -- > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
