On Wed, Aug 09, 2017 at 01:32:43PM +0200, Michael Gusek via FreeIPA-users wrote: > Hello Rob, > > i can understand why CA won't start with expired certs. Actually my > system date is a day before expiring (expiring date is 30 Jul 2017, > system date now 29 Jul 2017), but CA won't start. How to "ensure that > the CA comes up" ?
There are couple of certificate selftests run at startup, you can see the logs at /var/log/pki/pki-tomcat/ca/selftests.log If any of them fails, CA won't start. You will have to fix the situation causing test to fail or disabled them alltogether (/etc/pki/pki-tomcat/ca/CS.cfg, look for selftest.container.*). -- Tomasz Torcz ,,(...) today's high-end is tomorrow's embedded processor.'' xmpp: zdzich...@chrome.pl -- Mitchell Blank on LKML _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org