Vaede, Roger (Contractor) wrote:
I did try to replace the certificate with a self signed one at one point but 
then I was getting an error saying the certificate wasn't valid.


Ok, I need to get a better handle on how this was originally installed in order to guide you. Can you look to see if /var/log/ipaserver-install.log still exists? It should have the original arguments passed.

What I need to know is if this was installed using a dogtag CA or if it was installed as a selfsign server.

rob


Regards
Roger

-----Original Message-----
From: Vaede, Roger (Contractor)
Sent: Wednesday, October 30, 2013 2:37 PM
To: 'Rob Crittenden'; 'freeipa-devel@redhat.com'
Subject: RE: [Freeipa-devel] certificate renewal

I never installed freeipa, the person that installed it left the company.
I removed the request ID at one point by using the stop-tracking command then I 
used this command to reinstate them:
ipa-getcert start-tracking  -d  /var/lib/pki-ca/alias -n ServerCert -r

Initially they expired around October 25th.

Regards
Roger

-----Original Message-----
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Wednesday, October 30, 2013 2:30 PM
To: Vaede, Roger (Contractor); 'freeipa-devel@redhat.com'
Subject: Re: [Freeipa-devel] certificate renewal

Vaede, Roger (Contractor) wrote:
I have two IPA servers, one primary and one is backup.  (Redhat 5)

What version of ipa-server is this?

The primary servers certificate has expired.

I am not able to renew it.

I turned off the ssl on the clients and now the users can login.

I did a lot of research on certificate renewal and I am lost at this point.

I am able to make changes using the backup IPA server.

This getcert output is quite strange. Did you start these tracking yourself?

Did you replace the IPA CA certificate at some point?

rob



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to