craig.free...@noboost.org wrote:
Well, progress :) Just not quite fully fixed; it seems three certificates have updated, just
not the others yet. Do I need to "tell them to update", or let the server roll
over until it hits Jan 14?
Server: Red Hat Enterprise Linux Server release 6.5 (Santiago)
ipa-server-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
---
~/Scripts>date
Sat Jan 11 19:29:02 EST 2014
---
~/Scripts>certutil -L -d /etc/httpd/alias -n ipaCert | grep After
Not After : Fri Jan 01 07:44:45 2016
---
Ran script:
# Print the expiry date of each CA subsystem certificate in the Dogtag NSS database.
for nickname in "auditSigningCert cert-pki-ca" "ocspSigningCert cert-pki-ca" "subsystemCert cert-pki-ca" "Server-Cert cert-pki-ca"
do
    echo "$nickname"
    certutil -L -d /var/lib/pki-ca/alias -n "${nickname}" | grep -i after
done
---
auditSigningCert cert-pki-ca
Not After : Thu Jul 10 07:45:42 2014
Not After : Tue Jan 14 06:45:05 2014
ocspSigningCert cert-pki-ca
Not After : Fri Jan 01 07:44:43 2016
subsystemCert cert-pki-ca
Not After : Fri Jan 01 07:44:44 2016
Server-Cert cert-pki-ca
Not After : Tue Jan 14 06:45:05 2014
---
The Apache cert did update, which is good!
~/Scripts>certutil -L -d /etc/httpd/alias -n ipaCert | grep After
Not After : Fri Jan 01 07:44:45 2016
cya
Craig
For those not yet renewed I'd do a getcert list to find them and getcert
resubmit -i <id> to force renewal.
The CA won't start without a valid audit cert.
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users