[Freeipa-users] Redhat IPA as a SSL CA

2013-07-18 Thread craig . freeipa
e approved client SSL certs kept in IPA? cya Craig _______ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] Odd "dereference processing failed : Input/output error"

2013-09-22 Thread craig . freeipa
e="method_return", sender=":1.2" (uid=70 pid=407 comm="avahi-daemon: starting up ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.2700" (uid=365 pid=21991 comm="evince /data/download/DOC200913-20092013104309.pdf") Sep 20 17:50:01 craigpc sssd[be[teratext.saic.com.au]]: dereference processing failed : Input/output error cya Craig

[Freeipa-users] Certificate format error: [Errno -8018]

2014-01-22 Thread craig . freeipa
t/ca/displayBySerial': [Errno -12269] (SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your certificate as expired. Any advice would be greatly appreciated! cya Craig

Re: [Freeipa-users] Certificate format error: [Errno -8018]

2014-01-27 Thread craig . freeipa
14 06:45:05 2014 #Command: for nickname in "auditSigningCert cert-pki-ca" "ocspSigningCert cert-pki-ca" "subsystemCert cert-pki-ca" "Server-Cert cert-pki-ca" do /usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias

Re: [Freeipa-users] Certificate format error: [Errno -8018]

2014-01-28 Thread craig . freeipa
enew-agent" found.
> >No CA with name "dogtag-ipa-renew-agent" found.
> >No CA with name "dogtag-ipa-renew-agent" found.
> >
> >
> >2)Upgrade instead?
> >I could potentially upgrade the ipa-server to "3.0.0-37.el6", would this
> >version be able to automatically update the certificates?
> >
> >cya
> >
> >Craig
> >
>
> You need certmonger-0.58-1 or higher to get the
> dogtag-ipa-renew-agent CA and other fixes. I'll update the wiki with
> that, sorry for the oversight.
>
> You could try updating to 3.0. If you do decide to try upgrading I
> think I'd go back in time when all the certs are valid first as some
> services will be restarted during the upgrade and we don't want the
> upgrade blowing up in the middle because of expired certs.
>
> rob

I'll give the upgrade a go, say I go back to the older date and IPA starts fine. Won't the certs still have a hard expiry date on them, so I'll need to follow the http://www.freeipa.org/page/IPA_2x_Certificate_Renewal procedure?

cya

Craig

Re: [Freeipa-users] Certificate format error: [Errno -8018]

2014-01-29 Thread craig . freeipa
> >> > >>rob
> >I'll give the upgrade a go, say I go back to the older date and IPA
> >starts fine. Won't the certs still have a hard expiry date on them, so
> >I'll need to follow the
> >http://w

Re: [Freeipa-users] Certificate format error: [Errno -8018]

2014-01-29 Thread craig . freeipa
ved the dates back to normal and all the services are working :) I did notice the "auditSigningCert cert-pki-ca" has two certificates, one old one and a new one. The getcert list command is only showing the new one, so I figure all is well. auditSigningCert cert-pki-ca Certificate: Validi