Unfortunately, despite `getcert list` returning the updated cert, and /etc/ipa/ca.crt showing the correct certificate, IPA is showing a certificate error after the old CA Cert expired at midnight.
One example is: # ipa-certupdate trying https:/URL/ipa/json Connection to https:/URL/ipa/json failed with [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618) I also can't log in using LDAP from some services that depend on IPA. I had run ipa-certupdate on all these clients when it wasn't expired. Another oddity is that if I go to https://IPA-URL and view the cert, the CA cert looks fine ie expiration is 2040. Any idea how I can resolve this? There is an outdated cert somewhere that ipa-certupdate did not fix. Note I had run ipa-certupdate everywhere including the FreeIPA servers before the cert expired. Thanks _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
