ZD, Open the .crt file and delete the newline, header and footer. Now, update the CS.cfg with this value. Reference: https://www.dogtagpki.org/wiki/System_Certificate_Renewal#PKI_10.3_or_earlier_2 Regards,Dinesh On Sun, 2018-12-02 at 02:09 +0000, Z D wrote: > Thanks Dinesh, > > > I misread that argument for ca-cert-request-review is serial number, > but as you said it has to be request ID. Indeed, I made progress, > and > can retrieve renewed Cert: > > > > > [root@ca-ldap04 tmp]# pki ca-cert-show 0x8fff0090 --output > ipacert.crt > > ------------------------ > > Certificate "0x8fff0090" > > ------------------------ > > Serial Number: 0x8fff0090 > > Issuer: CN=Certificate Authority,O=DOMAIN.COM > > Subject: CN=IPA RA,O=DOMIAN.COM > > Status: VALID > > Not Before: Fri Aug 10 01:08:19 PDT 2018 > > Not After: Thu Jul 30 01:08:19 PDT 2020 > > > > > I also stopped PKI server, removed old cert from NSS database, and > installed new one. This is all for ipaCert. But before I start > renewing other ones (audit, ocsp, subsystem), I have to ask next > > > > > > [1] how to properly convert cert (.crt file) into one line? > > > > > > > I believe I need this in order to update below lines in CS.cfg file. > > > > > ca.audit_signing.cert=... > > ca.ocsp_signing.cert=... > > ca.subsystem.cert=... > > > > Thanks a lot for your support. Zarko > > > > > > From: Dinesh Prasanth Moluguwan Krishnamoorthy <dmolu...@redhat.com> > > Sent: Tuesday, November 27, 2018 9:56 AM > > To: Z D; John Magne; pki-users@redhat.com > > Subject: Re: [Pki-users] expired pki-server 10.3.3 certificates > > > > ZD, > > > > From [6], your request ID is 89990160. But, you are passing request > ID as 7 > > > > Regards, > Dinesh > > > > On Thu, 2018-11-22 at 06:17 +0000, Z D wrote: > > [6] Submit cert request, it's pending > > > > > > > > > > # pki ca-cert-request-submit caManualRenewal.xml > > > > ----------------------------- > > > > Submitted certificate request > > > > ----------------------------- > > > > Request ID: 89990160 > > > > Type: renewal > > > > Request Status: pending > > > > Operation Result: success > > > > > > > > > > > > [7] This fails with message "BadRequestException: Request Not In > > Pending State", as per [6] it should be in pending state > > > > > > > > > > # pki -v -d /etc/httpd/alias -c > > e7aae6f3eb9a62a54f2dd18b8d814aa4a579a61d -n ipaCert ca-cert- > > request-review 7 --action approve > > > > >
_______________________________________________ Pki-users mailing list Pki-users@redhat.com https://www.redhat.com/mailman/listinfo/pki-users
