Hey Rob,

You may recall earlier when I said that we wound up pulling an expired cert on 
one of our staging IPA replicas after updating the xmlrpc_server variable to 
point to a different host.  It's not clear to us how best to fix that cert 
(although I suppose we could roll back time on the box), so we're wondering if 
we can update the certificate using openssl and then adding the entry using 
something like this:

certutil -A -d /etc/httpd/alias -n 'ipaCert'  -t u,u,u -a -i 

Thoughts? We don't need to go this route but we're gaming out 
recovery/alternate solutions in the event our efforts to fix prod fail.

I'm on IRC now if responses there would be faster or easier for you.

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to