So, first roadblock encountered.
One of the reasons we're migrating off of this machine (besides the fact that
it is OLD) is that root CA cert has expired (the one used by Tomcat), and so
far I haven't found any documentation on renewing it. Well that presents a
problem (see attached).
It can't create a cert for the replica, because the root CA cert is expired.
:)
Can someone point me to docs that outline the step for renewing the root CA
cert?
I would be most grateful.
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
# ipa-replica-prepare ipan.lab.whamcloud.com
Directory Manager (existing master) password:
Preparing replica for ipan.lab.whamcloud.com from ipa0.lab.whamcloud.com
Creating SSL certificate for the Directory Server
ipa: INFO: sslget
'https://ipa0.lab.whamcloud.com:9444/ca/ee/ca/profileSubmitSSLClient'
ipa: ERROR: cert validation failed for
"CN=ipa0.lab.whamcloud.com,O=LAB.WHAMCLOUD.COM"
((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
preparation of replica failed: cannot connect to
'https://ipa0.lab.whamcloud.com:9444/ca/ee/ca/profileSubmitSSLClient': [Errno
-8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
cannot connect to
'https://ipa0.lab.whamcloud.com:9444/ca/ee/ca/profileSubmitSSLClient': [Errno
-8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
File "/usr/sbin/ipa-replica-prepare", line 438, in <module>
main()
File "/usr/sbin/ipa-replica-prepare", line 336, in main
export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert",
replica_fqdn, subject_base)
File "/usr/sbin/ipa-replica-prepare", line 135, in export_certdb
raise e_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
