Hi, I'm having trouble with pki-tomcat as shipped as a part of FreeIPA in Fedora 34. Version is pki-base-10.10.6-1.fc34.noarch. The problem is in authentication for ACME component. Logs, even after increasing level, are very short: 2021-11-03 18:43:07 [https-jsse-nio-8443-exec-12] INFO: Finding user by cert: 2021-11-03 18:43:07 [https-jsse-nio-8443-exec-12] INFO: - base DN: ou=people,o=ipaca 2021-11-03 18:43:07 [https-jsse-nio-8443-exec-12] INFO: - filter: description=2;105;CN=Certificate Authority,O=PIPEBREAKER.PL;CN=IPA RA,O=PIPEBREAKER.PL 2021-11-03 18:43:07 [https-jsse-nio-8443-exec-12] INFO: User: uid=ipara,ou=people,o=ipaca 2021-11-03 18:43:08 [https-jsse-nio-8443-exec-12] FINE: Realm.authenticate() returned false I've verified (thrice!) that certificate used for authentication is correct – the same as stored in LDAP. How to find out why Realm authentication fails? Can I increase log level for this component? Any ideas how should I continue? Full thread with this problem is at: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... -- Tomasz Torcz “Funeral in the morning, IDE hacking tomek(a)pipebreaker.pl in the afternoon and evening.” - Alan Cox