Sanju A wrote:
Please find the entire result.
Ok, the good news is that renewal already took place and it looks like
everything is a-ok certificate-wise.
First, make sure the CA is up:
# ipactl status
If the CA is down, start it with service pki-cad start.
If the CA is up, the next thing to check are the trust flags:
# certutil -L -d /var/lib/pki-ca/alias
The auditSigningCert should be u,u,Pu
If it isn't, fix it with:
# certutil -M -t u,u,Pu -d /var/lib/pki-ca/alias -n 'auditSigningCert
You'll need to restart the CA after changing the trust:
# service pki-cad restart
If the trust is ok and the CA was already up we'd need to see your CA
logs to try to determine what is going on.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project