On Wed, Aug 09, 2017 at 01:32:43PM +0200, Michael Gusek via FreeIPA-users wrote:
> Hello Rob,
> i can understand why CA won't start with expired certs. Actually my
> system date is a day before expiring (expiring date is 30 Jul 2017,
> system date now 29 Jul 2017), but CA won't start. How to "ensure that
> the CA comes up" ?

  There are couple of certificate selftests run at startup, you can see
the logs at


  If any of them fails, CA won't start. You will have to fix the situation 
test to fail or disabled them alltogether (/etc/pki/pki-tomcat/ca/CS.cfg, look
for selftest.container.*).

Tomasz Torcz       ,,(...) today's high-end is tomorrow's embedded processor.''
xmpp: zdzich...@chrome.pl                      -- Mitchell Blank on LKML
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to