On 23. okt. 2017 19:45, Bhavin Vaidya via FreeIPA-users wrote: > We did manage to delete the certificates, all but the right one (we > figured out looking at clients' /etc/ipa/ca.crt) > > I have seen /etc/ipa/ca.crt get out of date before. It wasn't updated automatically when renewing the CA cert, though I was using 3.x versions at the time. Thankfully, it's easy to check. You can open up the Web UI and check what the expiry date is in the browser. If it matches the below, just ignore this message. > Successfully retrieved CA cert > Subject: CN=Certificate Authority,O=EXAMPLE.COM > Issuer: CN=Certificate Authority,O=EXAMPLE.COM > Valid From: Thu Jun 01 12:55:08 2017 UTC > Valid Until: Mon Jun 01 12:55:08 2037 UTC > > Joining realm failed: libcurl failed to execute the HTTP POST > transaction. Peer certificate cannot be authenticated with known CA > certificates > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
