I did try to replace the certificate with a self signed one at one point but
then I was getting an error saying the certificate wasn't valid.
From: Vaede, Roger (Contractor)
Sent: Wednesday, October 30, 2013 2:37 PM
To: 'Rob Crittenden'; 'firstname.lastname@example.org'
Subject: RE: [Freeipa-devel] certificate renewal
I never installed freeipa, the person that installed it left the company.
I removed the request ID at one point by using the stop-tracking command then I
used this command to reinstate them:
ipa-getcert start-tracking -d /var/lib/pki-ca/alias -n ServerCert -r
Initially they expired around October 25th.
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, October 30, 2013 2:30 PM
To: Vaede, Roger (Contractor); 'email@example.com'
Subject: Re: [Freeipa-devel] certificate renewal
Vaede, Roger (Contractor) wrote:
> I have two IPA servers, one primary and one is backup. (Redhat 5)
What version of ipa-server is this?
> The primary servers certificate has expired.
> I am not able to renew it.
> I turned off the ssl on the clients and now the users can login.
> I did a lot of research on certificate renewal and I am lost at this point.
> I am able to make changes using the backup IPA server.
This getcert output is quite strange. Did you start these tracking yourself?
Did you replace the IPA CA certificate at some point?
Freeipa-devel mailing list