OK, I found my issue. I didn't realize the server I initially tried to
set up as the new master CA was 32-bit. What clued me in was
the renew_ca_cert and stop_pkicad commands including a 64-bit path in
setting the certificates to be tracked in certmonger. But that path didn't
exist on this

John Desantis wrote:
Marc,
Unfortunately, I've never had to promote a replica to become the CA
master in our environment.
Is the host that's reporting the error the URL of the old master or the
replica? Did you check the CS.cfg to see if the replica certificate is
present vs. the old master?

Marc,
I experienced a similar issue earlier this year.
Try restarting certmonger after temporarily changing the date back on
the master. In our case that service had failed miserably and it
didn't allow FreeIPA to renew the certificates properly.
Our replicas however were hit with a bug [1]

Hello,
I've got a problem with expired certificates in my ipa/IdM setup. I
believe the root issue to be from the fact that when everything was first
set up about a year ago and everything was replicated from a first ipa
server which no longer exists. There are currently 3 ipa servers but none
of