Joseph Vandermaas wrote:
> All
>       I have been experiencing some issues with a FreeIPA instance that I 
> maintain. More specifically pki-tomcat has not started since around the time 
> it’s certificate renewed. I submitted this bug report 
>, however a solution has yet to 
> be found.
>       This installation does have one instresting issue that I believe may be 
> causing it to fail. There are two certificates under cn=EXAMPLE.COM IPA 
> CA,cn=certificates,cn=ipa,cn=etc,dc=example,dc=com. Both of these are valid 
> CA certificates and when I run openssl verify with ether of them as the CA 
> and the new subsystem certificate I get an OK message. I also believe that 
> this issue is causing me not to be able to do a ipa-certupdate on the broken 
> IPA server. Is there a way to to clean this up, should I try renewing the CA 
> certificate and get rid of the old LDAP entries?

What did you do, as exactly as you can remember, to get the certificates


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to