Hi,

> To recover from this situation you should reinstall the old CA
> certificate via ipa-cacert-manage.  If you can't find a copy of that
> lying around you should (for a self-signed IPA CA) be able to
> retrieve it from LDAP under ou=certificateRepository,ou=ca,o=ipaca.
> (Probably cn=1,ou=certificateRepository,ou=ca,o=ipaca but you should
> check the subject and validity before installing it to make sure the
> particulars are correct).  The attribution you want is
> 'userCertificate;binary'.
>


Actually after ipa-cacert-manage, I used a backup to roll back the changes,
so I do think that my CA has not been actually changed.
I was just surprised not to be able to restart the httpd service, but it
was due to the expired SSL certificate.

Thanks a lot.
Karl




> HTH,
> Fraser
>
> > From your description it sounded like you just wanted the CA to issue a
> new
> > certificate for your IPA UI, this you can do via the interface.
> >
> > https://access.redhat.com/documentation/en-US/Red_Hat_
> Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_
> Guide/certificates.html#certificate-request-ui
> >
> >
> >
> > On Wed, Jul 12, 2017 at 10:22 AM None via FreeIPA-users <
> > freeipa-users@lists.fedorahosted.org> wrote:
> >
> > > The problem is that the SSL certificate was not renewed by  the
> > > "ipa-cacert-manage renew" command.
> > > So the http server refuses to start.
> > > Hence my question: what is the correct way to renew the SSL
> certificate ??
> > >
> > > Thanks.
> > > _______________________________________________
> > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > > To unsubscribe send an email to freeipa-users-leave@lists.
> fedorahosted.org
> > >
> > --
> > Callum Guy
> > Head of Information Security
> > X-on
> >
> > --
> >
> >
> >
> > *0333 332 0000  |  www.x-on.co.uk <http://www.x-on.co.uk>  |   **
> > <https://www.linkedin.com/company/x-on>   <https://www.facebook.com/
> XonTel>
> >   <https://twitter.com/xonuk> *
> > X-on is a trading name of Storacall Technology Ltd a limited company
> > registered in England and Wales.
> > Registered Office : Avaland House, 110 London Road, Apsley, Hemel
> > Hempstead, Herts, HP3 9SD. Company Registration No. 2578478.
> > The information in this e-mail is confidential and for use by the
> > addressee(s) only. If you are not the intended recipient, please notify
> > X-on immediately on +44(0)333 332 0000 and delete the
> > message from your computer. If you are not a named addressee you must not
> > use, disclose, disseminate, distribute, copy, print or reply to this
> email. Views
> > or opinions expressed by an individual
> > within this email may not necessarily reflect the views of X-on or its
> > associated companies. Although X-on routinely screens for viruses,
> > addressees should scan this email and any attachments
> > for viruses. X-on makes no representation or warranty as to the absence
> of
> > viruses in this email or any attachments.
> >
>
> > _______________________________________________
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > To unsubscribe send an email to freeipa-users-leave@lists.
> fedorahosted.org
>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to