On 23. okt. 2017 19:45, Bhavin Vaidya via FreeIPA-users wrote:
> We did manage to delete the certificates, all but the right one (we
> figured out looking at clients' /etc/ipa/ca.crt)
I have seen /etc/ipa/ca.crt get out of date before. It wasn't updated
automatically when renewing the CA cert, though I was using 3.x versions
at the time. Thankfully, it's easy to check. You can open up the Web UI
and check what the expiry date is in the browser. If it matches the
below, just ignore this message.
> Successfully retrieved CA cert
>     Subject:     CN=Certificate Authority,O=EXAMPLE.COM
>     Issuer:      CN=Certificate Authority,O=EXAMPLE.COM
>     Valid From:  Thu Jun 01 12:55:08 2017 UTC
>     Valid Until: Mon Jun 01 12:55:08 2037 UTC
> Joining realm failed: libcurl failed to execute the HTTP POST
> transaction.  Peer certificate cannot be authenticated with known CA
> certificates

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to