John Williams wrote:
> I'm looking at the following link for recovering expired certificates on
> FreeeIPA 3.0.0:
>
> https://www.freeipa.org/page/Howto/CA_Certificate_Renewal
>
>
> Problem is when Iook inside my /etc/pki-ca/CS.cfg file for a
> subsystemCert I do not find one. I see the other three:
>
> auditSigningCert cert-pki-ca => updated
> ocspSigningCert cert-pki-ca => updated
> Server-Cert cert-pki-ca => no cert here
> subsystemCert cert-pki-ca => updated
>
> Has anyone ever run across this? Any suggestions or hints would be
> appreciated. If I role the clock back on my system I can login to IPA,
> but if the time is updated, I cannot login.
>
> Please help.
Why do you need this value? For the record it is ca.sslserver.cert.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project