Here is my ipactl status:
[root@xxx ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
I think I am doing something wrong. I've made a fresh installation, then added ca.crt
by "ipa-cacert-manage -n globalsign -t C,, install /root/ca.crt"
After this I ran ipa-certupdate and it was successful, I had no errors. So I tought it to
be safe to run ipa-server-certinstall and ran it.
As a result I get login failure in the web ui again. When I check httpd error_log I see
this:
[Wed Oct 20 14:02:17.214267 2021] [wsgi:error] [pid 20252:tid 140636607313664] [remote
10.212.238.92:52437] ipa: INFO: 401 Unauthorized: HTTPSConnectionPool(host='xxx',
port=443): Max retries exceeded with url: /ipa/session/cookie (Caused by
SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:897)'),))
After I saw this, I tried ipa-certupdate again and it gave the "cannot connect to
'any of the configured servers’:" error again.
What am I doing wrong? I did ipactl restart after ipa-server-certinstall.
I think I am missing some basics :/