On Fri, 2021-09-17 at 12:35 +0000, pp via FreeIPA-users wrote:
> Could you check if your "requiredSecret" value matches the "secret" in "/etc/pki/pki-tomcat/server.xml"?
> I had two lines where they were different and the value has to match the secret in "/etc/httpd/conf.d/ipa-pki-proxy.conf". Once they all matched I restarted pki-tomcatd@pki-tomcat.service and httpd
> and both CLI and WebGUI certificate management worked again.
> According to a different thread "tomcat pre-9.0.31.0 uses 'requiredSecret' and afterward uses 'secret'."
> I am running my FreeIPA server on CentOS 8 Stream which uses tomcat 9.0.30. My uninformed guess is the last FreeIPA update from 4.9.3 to 4.9.6 configured "secret" only and not "requiredSecret" which
> "broke" the config for the tomcat version used. Hope this helps.
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

I can confirm that I ran in this issue on CentOS Stream 8 and this solution works.


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure