Externally signed CA - GoDaddy expired.
Already added new to db /etc/https/alias / -L and config nickname map in
Already imported to /etc/slapd/PKI-IPA ... where should I point the nickname?
Already changed /etc/dirsrv/slapd-ABC-COM and nickname map in dse.ldif
Start stop IPA no cert issue, but server ipa prepare fails.
IPA replica still says cert expiry, anywhere I missed?

2016-05-25 19:30 GMT+08:00 Martin Basti <mba...@redhat.com>:
> On 25.05.2016 04:36, Barry wrote:
> Which location should I renew cert?
> We need to know if you have IPA configured with
> * externally signed CA
> * or self-signed CA
> * or if you have any other certificates from different CAs
> If I remember correctly you wrote in one email that you have a certificate
> from GoDaddy, which certificate?
> In case you have self-signed CA certificate you should follow:
> On 24 May 2016 at 10:01 PM, "Rob Crittenden" <rcrit...@redhat.com> wrote:
>> barry...@gmail.com wrote:
>>> hi all:
>>> Thx, as title
>>> ipa : ERROR cert validation failed for "CN=server.abc.com,O=WISER S.COM"
>>> ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
>>> preparation of replica failed: cannot connect to
>>> 'https://server.ABC.com:9444/ca/ee/ca/profileSubmitSSLClient':
>>> (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
>>> cannot connect to
>>> 'https://server.ABC.com:9444/ca/ee/ca/profileSubmitSSLClient':
>>> (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
>> The root of all your problems is that your certificates are expired.
>> Fixing this should be your priority. This is probably going to involve
>> going back in time to when the certificates are still valid, restarting
>> IPA, restarting certmonger and waiting for things to properly renew. It can
>> take some time as the certificates don't all renew at once.
>> I suspect that once renewed and returned to current time the rest of your
>> problems will, for the most part, go away.
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
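
Added example, not part of the thread or of FreeIPA's own code: the advice above to set the clock back to when the certificates were still valid needs the earliest expiry among the certmonger-tracked certificates, which this script reads from `getcert list` output. The sample input, host names, request IDs and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of `getcert list` (certmonger) output;
# request IDs, host names and dates are made up for this example.
sample_getcert_list() {
cat <<'EOF'
Number of certificates and requests being tracked: 3.
Request ID '20140520101500':
    status: CA_UNREACHABLE
    certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
    expires: 2016-05-20 10:15:00 UTC
Request ID '20140520101600':
    status: CA_UNREACHABLE
    certificate: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-TEST',nickname='Server-Cert',token='NSS Certificate DB'
    expires: 2016-05-20 10:16:00 UTC
Request ID '20151113090000':
    status: MONITORING
    certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
    expires: 2017-11-02 09:00:00 UTC
EOF
}

# stdin: `getcert list` output. stdout: "expires|request-id|status|db:nickname" per cert.
tracked_certs() {
  awk -v q="'" '
    function field(key,   re) {          # value of key=<quoted string> on this line
      re = key "=" q "[^" q "]*" q
      return (match($0, re) ? substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 3) : "")
    }
    { sub(/^[ \t]+/, "") }
    /^Request ID/   { id = $3; gsub(/[^0-9]/, "", id); status = where = "" }
    /^status:/      { status = $2 }
    /^certificate:/ { where = field("location") ":" field("nickname") }
    /^expires:/     { print $2 " " $3 "|" id "|" status "|" where }
  '
}

# Rows expiring at or before $1 ("YYYY-MM-DD HH:MM:SS", UTC), compared as strings.
expired_at() {
  tracked_certs | awk -F'|' -v ref="$1" '($1 "") <= (ref "")'
}

# Earliest expiry of any tracked cert: the clock must be set before this.
earliest_expiry() {
  tracked_certs | cut -d'|' -f1 | sort | sed -n 1p
}

# Real use: getcert list | expired_at "$(date -u '+%Y-%m-%d %H:%M:%S')"
sample_getcert_list | expired_at "2016-05-25 11:30:00"
```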