On 1/25/21 11:36 PM, Ahmed ElShafaie via FreeIPA-users wrote:
Also when I run ipa-certupdate
trying https://identity.ashlex.com/ipa/session/json
[try 1]: Forwarding 'schema' to json server
'https://identity.ashlex.com/ipa/session/json'
Major (851968): Unspecified GSS failure. Minor code may provide more
information, Minor (2529638945): Ticket not yet valid
The ipa-certupdate command failed.
Hi
the kerberos ticket was probably issued before you moved the date in the
past. You can re-try with a new ticket:
$ kinit admin
$ ipa-certupdate
Re. your other issue (The server certificate in key.txt,combined.crt is
not valid: certutil: certificate is invalid: Peer's Certificate has
expired.):
when the date is moved in the past, is the date inside the new cert
validity period? For instance, let's suppose that your previous cert
expired on Jan 15 and that your new cert is valid from Jan 10. When
moving the date in the past, you need to pick a date where both previous
and new certs are valid, for instance a date between Jan 10 and Jan 15.
HTH,
flo
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
