I was following the same documentation as IPA master for the replica for the certificate renewal. But was unsuccessful.
Should we use "How do I manually renew Identity Management (IPA) certificates after they have expired? (Replica IPA Server)" - https://access.redhat.com/solutions/962373 ? On Mon, Jul 25, 2016 at 6:17 PM, Linov Suresh <linov.sur...@gmail.com> wrote: > We were not sure that Signing-Cert required for LDAP/Apache certificates > renewal. Thank you very much for your update Rob. We are going to renew the > certificates without Signing-Cert. > > On Mon, Jul 25, 2016 at 6:08 PM, Rob Crittenden <rcrit...@redhat.com> > wrote: > >> Linov Suresh wrote: >> >>> We are using CentOS 6.4/FreeIPA 3.0.0 >>> >>> LDAP/Apache certificates were expired and when we tried to renew, we >>> found Signing-Cert is missing. >>> >>> # certutil -L -d /etc/httpd/alias -n Signing-Cert certutil: Could not >>> find cert: Signing-Cert : File not found >>> >>> How do we recreate Signing-Cert certificate? We use master-master >>> replica. Please help. >>> >>> >>> >> Only the initial master got a signing cert IIRC. It was used to sign the >> Firefox configuration jar. Are you using this? Recent versions of Firefox >> don't allow this kind of signed jar anymore and it has been dropped >> upstream. >> >> Are you just trying to be thorough or is this causing some real problem? >> >> rob >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project