JR Aquino wrote:
On Jun 5, 2012, at 11:18 AM, Paul Tader wrote:

A couple days ago my (apache) certificates expired.  Users are able to kinit 
but tools such as sudo fail because of the expired certificates. Lots of 
reading/Google'ing later I found this script (steps) to renew these certs:

I'm just curious, but, isn't certmonger supposed to automatically renew these?  
Is certmonger failing in this case?

Yes, the first thing to do is figure out why certmonger didn't automatically renew the certificates. Then it should be as simple as setting the date back, letting certmonger do its thing, then setting it forward again.

That is very strange certmonger output. You might try setting the date back a couple of days and trying something like:

ipa-getcert resubmit -i 20110706215145

And see what the status goes to.


Freeipa-users mailing list

Reply via email to