>
> I would start by checking that your certificates are not expired.
> What's the output of
> # getcert list
> executed on your server my-idm-server.idm.my.domain ? Check that all
> the certificates have "expires: " dates in the future.
>
> flo
Hi Flo,
thank you for the hint. I just checked this, no certificate is expired.
All of the certificates are expiring in 2026.
Request ID '20240717114825':
status: MONITORING
stuck: no
key pair storage: type=FILE,location='/var/lib/ipa/ra-
agent.key'
certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=[...]
subject: CN=[...]
issued: 2024-07-17 13:48:25 CEST
expires: 2026-07-07 13:48:25 CEST
key usage: digitalSignature,keyEncipherment,dataEncipherment
eku: id-kp-clientAuth
profile: caSubsystemCert
pre-save command:
/usr/libexec/ipa/certmonger/renew_ra_cert_pre
post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
track: yes
auto-renew: yes
[...]
Hannes
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
