Hello Rob,

i can understand why CA won't start with expired certs. Actually my
system date is a day before expiring (expiring date is 30 Jul 2017,
system date now 29 Jul 2017), but CA won't start. How to "ensure that
the CA comes up" ?

Michael


Am 08.08.2017 um 17:40 schrieb Rob Crittenden:
> Michael Gusek via FreeIPA-users wrote:
>> Hi Fraser,
>>
>> at the moment, i can't provide this logfile, i've moved that back to
>> have only new log lines. But a new new logfile is not created ??? In my
>> old logfile i have some lines after switch to basic auth, but before
>> setting time to past:
>>
> The CA won't start with expired certs.
>
> I'd set the time back to the past and ensure that the CA comes up. The
> debug log in that case should tell you what is going on. Be sure that
> ntpd is stopped.
>
> Restarting certmonger should be sufficient to have it try renewal as it
> will see on startup that the certs need to be refreshed.
>
> rob


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to