Sanju A wrote:
Dear Rob,

Please find the entire result.

Ok, the good news is that renewal already took place and it looks like everything is a-ok certificate-wise.

First, make sure the CA is up:

# ipactl status

If the CA is down, start it with service pki-cad start.

If the CA is up, the next thing to check are the trust flags:

# certutil -L -d /var/lib/pki-ca/alias

The auditSigningCert should be u,u,Pu

If it isn't, fix it with:

# certutil -M -t u,u,Pu -d /var/lib/pki-ca/alias -n 'auditSigningCert cert-pki-ca'

You'll need to restart the CA after changing the trust:

# service pki-cad restart

If the trust is ok and the CA was already up we'd need to see your CA logs to try to determine what is going on.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to