Hi,

I have already input the new cert, but ipa-replica-prepare central03.ABC.com (IPA 3.0) fails with the error below. Which "location" should I check for the old cert still being inside somewhere?

I have already input the CA / server cert below, and the nssdb pointing is right. I have already spent several days checking where it is. I also tried using the pfx for the cert directly, but the same error comes out. It seems it still uses the old cert to compare. Any idea? Many thanks.

    /var/lib/pki-ca/alias
    /etc/dirsrv/slapd-PKI-IPA/
    /etc/dirsrv/slapd-ABC-COM/
    /etc/httpd/alias/
    /etc/pki/nssdb/

The https web side is already using the new one and dirsrv has no error on starting; only I cannot do replicas. I use similar commands to the one below, and follow the steps here:

https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP#Procedure_in_IPA_.3C_4.1

    certutil -A -d /var/lib/pki-ca/alias/ -n 'EXT-CA' -t CT,C,C -a -i /root/ca.crt

    ipa : ERROR cert validation failed for "CN=central.ABC.com,O= ABC.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
    preparation of replica failed: cannot connect to ' https://central.ABCcom:9444/ca/ee/ca/profileSubmitSSLClient': (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.

Regards
Barry