Thanks in advance for your replies. I've spent 7 hours looking through posts
here and trying everything... I'm stuck.
Background: I am a System Administrator in a closed, classified environment.
Unfortunately, I cannot post logging here, but I can refer to them as needed.
I inherited this system from someone who departed the program a year or so ago.
Fast forward to today, the server certs expired yesterday. Admittedly, I'm
unfamiliar (or was) with the certificate update process for IPA servers. On a
typical server, we replace the old cert and restart the httpd services;
however, I realize this cannot work with IPA servers now.
In addition to all of this, the CA chain was updated 6 months ago.
I ran ipa-cacert-manage to update the CA chain. When trying to run
ipa-certupdate, I received errors for an invalid server certificate (it expired
on 11 April 2023). It simply won't connect to the web server. HTTPD failed as
well, so I had to add "NSSEnforceValidCerts off" to the nss.conf file for HTTPD
to start. Still, no dice.
I've run ipa-server-certinstall for the new cert/key as well, and it fails
saying it's not trusted ("Peer's certificate issuer is not trusted [certutil:
certificate is invalid: Peer's Certificate issuer is not recognized] Please run
ipa-cacert-manage install and ipa-certupdate to install the CA certificate."),
which, as reported above, can't complete.
I'm at a total loss here... and really struggling being new to all this and
trying my best to keep it afloat. Any help would be GREATLY appreciated!