On su, 21 heinä 2019, Ben Schofield via FreeIPA-users wrote:
Yep, all services are running. This is from the Apache error log, right after login and trying to load the Users page:
[Mon Jul 22 10:12:36.022673 2019] [:error] [pid 14475] ipa: DEBUG: Destroyed connection context.ldap2_140655759869968 [Mon Jul 22 10:12:36.272817 2019] [:error] [pid 14473] ipa: INFO: [jsonserver_session] admin@DOMAIN.NZ: user_find(u'', sizelimit=0, version=u'2.230', pkey_only=True): SUCCESS [Mon Jul 22 10:12:36.273918 2019] [:error] [pid 14473] ipa: DEBUG: Destroyed connection context.ldap2_140655759869968 [Mon Jul 22 10:14:03.993422 2019] [:error] [pid 14477] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate
The error above says that a client is not trusting CA certificate. So the problem is on the client side, not a server one.
Like Flo said, check whether /etc/ipa/ca.crt is readable and is available for a client that uses it.