A new post, a new problem, and a solution.
Earlier today I worked on a task involving SSSD (System Security Services Daemon), a system service for accessing remote directories and authentication mechanisms. I got both excited and a little worried at the same time, since it’s been a long while since I had to do anything with SSSD.
Fast forward to the evening, I realized I had a FreeIPA server set up a long time ago right after passing the Red Hat Certified Specialist in Identity Management exam (EX362). Note this FreeIPA server was actually a second server I had set up after the EX362 exam. The original server was based on CentOS 7.
The problem
… issue with certificate…
Upgrading the above *added* requiredSecret="newSecret" to the AJP Connector elements within /etc/pki/pki-tomcat/server.xml. The existing secret="oldSecret" attribute was not changed, and neither was secret=oldSecret in the ProxyPassMatch directives in /etc/httpd/conf.d/ipa-pki-proxy.conf. It looks like Tomcat uses the value of requiredSecret= in preference to secret= if both are supplied. The fix was to remove requiredSecret="newSecret" from the Tomcat config file and restart pki-tomcatd@pki-tomcat.
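A check for this mismatch, as an added example that is not from the original post or the FreeIPA project: it parses the AJP Connector elements and the ProxyPassMatch directives and reports connectors whose effective secret httpd does not send. The sample configs are constructed, the function names are hypothetical, and the precedence of requiredSecret over secret is assumed from the observation above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the state described in the post.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" address="localhost4"
             secret="oldSecret" requiredSecret="newSecret"/>
  <Connector port="8009" protocol="AJP/1.3" address="localhost6"
             secret="oldSecret"/>
</Service></Server>"""
PROXY_CONF = """<LocationMatch "^/ca/agent">
    ProxyPassMatch ajp://localhost:8009 secret=oldSecret
</LocationMatch>"""


def proxy_secrets(conf_text):
    """Collect the secret= values used on ProxyPassMatch lines."""
    found = set()
    for line in conf_text.splitlines():
        if line.strip().startswith("ProxyPassMatch"):
            m = re.search(r"\bsecret=(\S+)", line)
            if m:
                found.add(m.group(1).strip('"'))
    return found


def check(server_xml, conf_text):
    """Return (connector, problem) pairs; secret values are never echoed."""
    httpd = proxy_secrets(conf_text)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not conn.get("protocol", "").upper().startswith("AJP"):
            continue
        label = f'{conn.get("address", "*")}:{conn.get("port")}'
        secret, required = conn.get("secret"), conn.get("requiredSecret")
        if secret and required and secret != required:
            findings.append((label, "secret and requiredSecret differ"))
        # Assumption taken from the post: requiredSecret wins when both are set.
        effective = required or secret
        if effective not in httpd:
            findings.append((label, "effective secret not sent by httpd"))
    return findings


if __name__ == "__main__":
    for label, problem in check(SERVER_XML, PROXY_CONF):
        print(f"{label}: {problem}")
```

To run it against a live server, read /etc/pki/pki-tomcat/server.xml and /etc/httpd/conf.d/ipa-pki-proxy.conf into strings and pass them to check().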