[Freeipa-users] (no subject)

Rob Crittenden rcritten at redhat.com
Tue Mar 20 19:40:13 UTC 2012


Jimmy wrote:
>   ipa cert-show 1==
>
> Certificate: MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAyMRAwDgYDVQQKEwdQREgu
> Q1NQMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwOTEzMTU0
> MTE4WhcNMTkwOTEzMTU0MTE4WjAyMRAwDgYDVQQKEwdQREguQ1NQMR4wHAYDVQQD
> ExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
> ggEKAoIBAQDRPzyFQbAIgnNLGZQRoMVuHGLIBqANVpJOXiE28PlwVczQ5F14FE5e
> d2QZ6CYtY/1RpWph/SaUHqRKW2C2NTlx3Rw6q+aaLzFqqSp4cC9vNwfURT32xn64
> wSuHsVPakBp6xDF5QfJTgxXEcO/eJt9KiyIDtOEmk3TBzmalNtVejNe33OfwBx6s
> LmVKjH49wUuUGQBvk6/di5vhQ8soquWMRKdZFsTBfepp4BSvscweY0nNk7+iMOEE
> ESt0JOhvrQOzEeopqVf7GcDKLEhCC4BRwuGZ6GzWl3w9OiiriH8aLdEGeLuBjYq1
> wa/z6pCah4dNmAmV/nf5xocH84DdxRJJAgMBAAGjgaUwgaIwHwYDVR0jBBgwFoAU
> PiI4ye3VbGZeR6iy37xgdCLgUNcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
> BAMCAcYwHQYDVR0OBBYEFD4iOMnt1WxmXkeost+8YHQi4FDXMD8GCCsGAQUFBwEB
> BDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL2NzcC1pZG0ucGRoLmNzcDo5MTgwL2Nh
> L29jc3AwDQYJKoZIhvcNAQELBQADggEBALsg/ivFOv4VmydSZ2q93TwQUtV49Gp+
> AJcrCu8aVpd2q9LX2yNxq2EXSZq4+/Afml6zGCSMZ6w/EV2dpwHo4BrVg5HAIWe9
> k6zekjDhVGVYRtO09B8PTWoRvt5lgQf4zMoiaVwS8+uE8CWF3Y24CqnAeW4z9vFr
> EmCkVEp69xaLfbTBLt1bzyIxIlq4mgb8oE8NDVr2Qo3cdwT4qGNPLEHvb9vCwySN
> R3BNarw+LB0GB5g5XkEIXPmgKmxoJuQ3nW578bPxXRvUJ19Yg2/WObAyrfoVL/sc
> iEJDnJKWtV/kcN68LhOIkC77w41RII43YxJFQva9NQVY4uT1CApNcPk=
>    Subject: CN=Certificate Authority,O=ABC.XYZ
>    Issuer: CN=Certificate Authority,O=ABC.XYZ
>    Not Before: Tue Sep 13 15:41:18 2011 UTC
>    Not After: Fri Sep 13 15:41:18 2019 UTC
>    Fingerprint (MD5): 05:d4:89:49:6b:03:0e:9b:06:14:a0:0a:e2:32:dc:e1
>    Fingerprint (SHA1):
> c4:b7:9f:07:df:5a:9e:36:a6:c3:f4:18:c7:77:1a:29:86:30:41:4f
>    Serial number: 1
>
> kvno host/xyz-ipa.abc.xyz -k /etc/krb5.keytab
> host/xyz-ipa.abc.xyz at ABC.XYZ: kvno = 2, keytab entry valid
>
> I can do a kinit as the host principal with the keytab /etc/krb5.keytab

Can you make sure the system hostname is right? Check the output of 
/bin/hostname, /etc/hosts and DNS.

You might try restarting the certmonger service.

rob




More information about the Freeipa-users mailing list