Hi, we need more details in order to help you. Do you have a single IPA server or multiple servers? Which one is the CA renewal master? flo
On Fri, Jul 7, 2023 at 10:02 AM Polavarapu Manideep Sai via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hi Team, > > > > As we checked pki-tomcatd service was stopped, couldn’t possible to set > the clock back as other certificates will not valid > > > > PFB details, please let us know if more details required on this > > > > As you can see Unable to communicate with CMS (404) when performed ipa > cert-show for the serial no , ipa version is VERSION: 4.5.0 > > > > Please guide us to proceed further > > > > > > [root@sai ~]# certutil -L -d /etc/pki/pki-tomcat/alias -n "Server-Cert > cert-pki-ca" |grep -i after > > Not After : Mon Jan 10 06:35:46 2022 > > [root@sai ~]# > > [root@sai ~]# certutil -L -d /etc/pki/pki-tomcat/alias -n "Server-Cert > cert-pki-ca" |grep -i before > > Not Before: Tue Jan 21 06:35:46 2020 > > [root@sai ~]# > > [root@sai ~]# > > [root@sai ~]# certutil -L -d /etc/pki/pki-tomcat/alias -n "Server-Cert > cert-pki-ca" |grep -i serial > > Serial Number: 80 (0x50) > > [root@sai ~]# > > [root@sai ~]# > > [root@sai ~]# ipa cert-show 80 > > ipa: ERROR: Certificate operation cannot be completed: Unable to > communicate with CMS (404) > > [root@sai ~]# > > [root@sai ~]# > > [root@sai ~]# # Not possible to reset clock back , because other > certificates were not valid > > [root@sai ~]# > > [root@sai ~]# > > [root@sai ~]# > > [root@sai ~]# ipa --version > > VERSION: 4.5.0, API_VERSION: 2.228 > > [root@sai ~]# > > [root@sai ~]# > > > > Regards > > Sai > > ------------------------------ > > DISCLAIMER: The information in this message is confidential and may be > legally privileged. It is intended solely for the addressee. Access to this > message by anyone else is unauthorized. If you are not the intended > recipient, any disclosure, copying, or distribution of the message, or any > action or omission taken by you in reliance on it, is prohibited and may be > unlawful. Please immediately contact the sender if you have received this > message in error. Further, this e-mail may contain viruses and all > reasonable precaution to minimize the risk arising there from is taken by > OnMobile. OnMobile is not liable for any damage sustained by you as a > result of any virus in this e-mail. All applicable virus checks should be > carried out by you before opening this e-mail or any attachment thereto. > Thank you - OnMobile Global Limited. > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue