Thanks, I did it as your instruction, the old serial 268238851 was revoked and invalid. A new serial was generated and valid already.
================== # 268238851, certificateRepository, ca, ipaca dn: cn=268238851,ou=certificateRepository,ou=ca,o=ipaca objectClass: top objectClass: certificateRecord serialno: 09268238851 metaInfo: requestId:9970004 metaInfo: profileId:caInternalAuthServerCert notBefore: 20171121164311Z notAfter: 20191111164311Z duration: 1162208000000 subjectName: CN=ipa.ipa.pthl.hk,O=IPA.PTHL.HK issuerName: CN=Certificate Authority,O=IPA.PTHL.HK publicKeyData:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX extension: 1.3.6.1.5.5.7.1.1 extension: 2.5.29.37 extension: 2.5.29.35 extension: 2.5.29.15 userCertificate;binary:: XXXXXXXXXXXXXXXXXXXXXXXX version: 2 algorithmId: 1.2.840.113549.1.1.1 signingAlgorithmId: 1.2.840.113549.1.1.11 dateOfCreate: 20171121164311Z autoRenew: ENABLED issuedBy: admin-ipa.ipa.pthl.hk cn: 268238851 revInfo: 20180625110026Z;CRLReasonExtension=0 revokedBy: ipara revokedOn: 20180625110026Z certStatus: REVOKED dateOfModify: 20180625110026Z =============== Thanks. It seems that all the certificates are stored in 389 DS and being tracked. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
