Got an issue with an IPA replica in that the certs in /etc/httpd/alias & /etc/dirsrv/slapd-IPA-REALM have expired.

Have tried setting date back before expiry on the replica and doing an 'ipa-getcert resubmit -i <id>' but that hasn't worked it looks like the CA master is actually rejecting it since the havent set the date back on that server.

Error am getting on replica is ...

Request ID '20120719044839':
    status: CA_UNREACHABLE
ca-error: Server failed request, will retry: -504 (libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates).

is there any way of forcing a re-newel or manual process for updating these certs .. ???

thx & rgds

Matt Bryant

Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to