I already done input new cert but ipa-replica-prepare central03.ABC.com (ipa
3.0) it fail with the error as below:
which "location" I should check the old cert still inside some where

Below I already input CA / server cert ..and nssdb poting is right
..already spent serveral days to check where is it I also try direct use
pfx for the cert directly but same error comesout...seem it still use old
cert to compare.

Any idea ? many thanks


I use similar commands as below: and follow steps here: https web side
already using new and dirsvr no error on starting only I cannot do replicas


certutil -A -d  /var/lib/pki-ca/alias/ -n 'EXT-CA' -t CT,C,C -a -i

ipa         : ERROR    cert validation failed for "CN=central.ABC.com,O=
ABC.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
preparation of replica failed: cannot connect to '
(SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to