We run IPA 3.0.0 and have a cert on the CA master expiring in about 10 days.
The problem is that we mistakenly provisioned the last cert using an old
hostname which means that automatically renewing the cert fails, and the IPA
cert checks we run fails with...
ca-error: Server at "http://correct.hostname:9180/ca/ee/ca/profileSubmit"
replied: 1: Server Internal Error.
I also get a java NPE error when curling that endpoint.
Is it possible to zero out the existing cert and resubmit it with the correct
hostname? This is a production environment supporting several thousand hosts
which means I want to test whatever solution I come up with. We have a few
staging environments but they're all configured correctly, so I'm wondering if
we can intentionally put one into a similar bad state and revert it.
Happy to provide clarifying information if I'm not making sense here.
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org