Sanju A wrote:
Dear Rob,
Please find the entire result.
Ok, the good news is that renewal already took place and it looks like
everything is a-ok certificate-wise.
First, make sure the CA is up:
# ipactl status
If the CA is down, start it with service pki-cad start.
If the CA is up, the next thing to check are the trust flags:
# certutil -L -d /var/lib/pki-ca/alias
The auditSigningCert should be u,u,Pu
If it isn't, fix it with:
# certutil -M -t u,u,Pu -d /var/lib/pki-ca/alias -n 'auditSigningCert
cert-pki-ca'
You'll need to restart the CA after changing the trust:
# service pki-cad restart
If the trust is ok and the CA was already up we'd need to see your CA
logs to try to determine what is going on.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
