On 25.05.2016 04:36, Barry wrote:

Hi:

Which location i should renew cert?
Http/alias
Etc/dirsrv/slapd*

Enough?


We need to know if you have IPA configured with
* externaly signed CA
* or selfsigned CA
* or if you have any other certificates from different CAs

If I remember correctly you wrote in one email that you have a certificate from godaddy, which certificate?

In case you have self signed CA certificate you should follow: http://www.freeipa.org/page/Howto/CA_Certificate_Renewal

Martin
2016年5月24日 下午10:01 於 "Rob Crittenden" <rcrit...@redhat.com <mailto:rcrit...@redhat.com>> 寫道:

    barry...@gmail.com <mailto:barry...@gmail.com> wrote:

        hi all:


        Thx ad title

        ipa         : ERROR    cert validation failed for
        "CN=server.abc.com <http://server.abc.com>
        <http://server.abc.com>,O=WISER S.COM <http://S.COM>
        <http://S.COM>"
        ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
        preparation of replica failed: cannot connect to
'https://server.ABC.com:944 4/ca/ee/ca/profileSubmitSSLClient':
        (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certi          ficate
        has expired.
        cannot connect to
'https://server.ABC.com:9444/ca/ee/ca/profileSubmitSSLClie nt':
        (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.


    The root of all your problems is that your certificates are
    expired. Fixing this should be your priority. This is probably
    going to involve going back in time to when the certificates are
    still valid, restarting IPA, restarting certmonger and waiting for
    things to properly renew. It can take some time as the
    certificates don't all renew at once.

    I suspect that once renewed and returned to current time the rest
    of your problems will, for the most part, go away.

    rob




-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to