azeem via FreeIPA-users wrote:
> Hello!
>
> I have inherited a FreeIPA server, and upon checking the certificate list
> with getcert list, it shows that the certificate is already expired. Does
> anyone know how to renew it? And coz of this issue, I am not able to enroll
> any clients. Any help would be appreciated.
>
> Request ID '20160825909273':
> status: CA_UNREACHABLE
> ca-error: Server at https://test.domain.com/ipa/xml failed request, will
> retry: 907 (RPC failed at server. cannot connect to
> 'https://test.domain.com:443/ca/eeca/ca/profileSubmitSSLClient':
> (SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your certificate as
> expired.).
> stuck: no
> key pair storage:
> type=NSSDB,location='/etc/dirsrv/slapd-TEST-DOMAIN-COM',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/dirsrv/slapd-TEST-DOMAINCOM/pwdfile.txt'
> certificate:
> type=NSSDB,location='/etc/dirsrv/slapd-TEST-DOMAIN-COM',nickname='Server-Cert',token='NSS
> Certificate DB'
> CA: IPA
> issuer: CN=Certificate Authority,O=TEST-DOMAIN-COM
> subject: CN=test.domain.com,O=TEST.DOMAIN.COM
> expires: 2023-12-18 15:52:08 UTC
> principal name: ldap/[email protected]
> key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
> eku: id-kp-serverAuth,id-kp-clientAuth
> pre-save command:
> post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv TEST.DOMAIN.COM
> track: yes
> auto-renew: yes

You have more certificates expired than just this one. I would expect there are a number of CA-related certificates also expired.

The number of tracked certificates should be more than 8 (if using getcert and not ipa-getcert).

What version of IPA is this on what distro?

rob
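
An added example, not part of the original thread or of FreeIPA: a small parser for saved `getcert list` output that reports which tracked requests are expired or not in `MONITORING`, and whether the tracked count exceeds the figure mentioned in the reply. The function names, the `expected_more_than` parameter and the sample text are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout `getcert list` prints. The first request
# reuses fields from the post; the second is made up for contrast.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20160825909273':
    status: CA_UNREACHABLE
    stuck: no
    expires: 2023-12-18 15:52:08 UTC
    auto-renew: yes
Request ID '20990101000000':
    status: MONITORING
    stuck: no
    expires: 2099-01-01 00:00:00 UTC
    auto-renew: yes
"""

def parse_getcert_list(text):
    """Return one dict per tracked request, keyed by the field names printed."""
    requests = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Request ID '([^']+)':", line)
        if m:
            requests.append({"id": m.group(1)})
        elif requests and ":" in line:
            key, _, value = line.partition(":")
            requests[-1].setdefault(key.strip(), value.strip())
    return requests

def triage(requests, now=None, expected_more_than=8):
    """Flag expired certificates, requests not in MONITORING, and a low count.

    expected_more_than is the figure from the reply; treat it as a hint.
    """
    now = now or datetime.now(timezone.utc)
    expired, unhealthy = [], []
    for r in requests:
        if "expires" in r:
            when = datetime.strptime(r["expires"], "%Y-%m-%d %H:%M:%S UTC")
            if when.replace(tzinfo=timezone.utc) <= now:
                expired.append(r["id"])
        if r.get("status") != "MONITORING":
            unhealthy.append((r["id"], r.get("status", "unknown")))
    return {"tracked": len(requests), "expired": expired, "unhealthy": unhealthy,
            "count_looks_complete": len(requests) > expected_more_than}

if __name__ == "__main__":
    print(triage(parse_getcert_list(SAMPLE)))
```

To use it on a real host, save the output of `getcert list` to a file and pass the file's contents to `parse_getcert_list`.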
