On su, 21 heinä 2019, Ben Schofield via FreeIPA-users wrote:
Yep, all services are running. This is from the Apache error log,
right after login and trying to load the Users page:
[Mon Jul 22 10:12:36.022673 2019] [:error] [pid 14475] ipa: DEBUG: Destroyed connection
context.ldap2_140655759869968
[Mon Jul 22 10:12:36.272817 2019] [:error] [pid 14473] ipa: INFO: [jsonserver_session]
admin(a)DOMAIN.NZ: user_find(u'', sizelimit=0, version=u'2.230',
pkey_only=True): SUCCESS
[Mon Jul 22 10:12:36.273918 2019] [:error] [pid 14473] ipa: DEBUG: Destroyed connection
context.ldap2_140655759869968
[Mon Jul 22 10:14:03.993422 2019] [:error] [pid 14477] SSL Library Error: -12195 Peer does
not recognize and trust the CA that issued your certificate
The error above says that a client is not trusting CA certificate. So
the problem is on the client side, not a server one.
Like Flo said, check whether /etc/ipa/ca.crt is readable and is
available for a client that uses it.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland