Linov Suresh wrote:
I logged into my IPA master, and found that the cert had expired again,
we renewed these certificates about 18 months ago.
Our environment is CentOS 6.4 and IPA 3.0.0-26.
I followed the Redhat documentation,How do I manually renew Identity
Management (IPA) certificates after they have expired? (Master IPA
Server), https://access.redhat.com/solutions/643753 but no luck.
I have also changed the directive "NSSEnforceValidCerts off" in
/etc/httpd/conf.d/nss.conf and the value of nsslapd-validate-cert is warn.
ldapsearch -x -h localhost -p 7389 -D 'cn=directory manager' -w *******
-b cn=config | grep nsslapd-validate-cert
nsslapd-validate-cert: warn
Here is my getcert list,
[root@caer ~]# getcert list
It looks like your CA subsystem certificates all renewed successfully it
is just the webserver and LDAP certificates that need renewing so that's
good.
What I'd do is go back in time again to say Jan 20, 2016 and restart
certmonger. That should make it retry the renewals.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
