So, first roadblock encountered.

One of the reasons we're migrating off of this machine (besides the fact that 
it is OLD) is that root CA cert has expired (the one used by Tomcat), and so 
far I haven't found any documentation on renewing it. Well that presents a 
problem (see attached).

It can't create a cert for the replica, because the root CA cert is expired. 

Can someone point me to docs that outline the step for renewing the root CA 

I would be most grateful.


Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design - Jabber:
PGP Key:  ID 0x73B13B6A
# ipa-replica-prepare
Directory Manager (existing master) password: 

Preparing replica for from
Creating SSL certificate for the Directory Server
ipa: INFO: sslget 
ipa: ERROR: cert validation failed for 
((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
preparation of replica failed: cannot connect to 
'': [Errno 
-8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
cannot connect to 
'': [Errno 
-8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
  File "/usr/sbin/ipa-replica-prepare", line 438, in <module>

  File "/usr/sbin/ipa-replica-prepare", line 336, in main
    export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert", 
replica_fqdn, subject_base)

  File "/usr/sbin/ipa-replica-prepare", line 135, in export_certdb
    raise e
Freeipa-users mailing list

Reply via email to