Re: [Freeipa-users] Certificates not renewed [SOLVED]
Great, thanks for the follow-up. I was a bit too soon. After sending the mail, I saw that the freeipa web GUI no longer worked. It turned out that I ended up with two certificates with the name Server-Cert in both the httpd and slapd certificate databases. It doesn't seem to be possible using certutil to selectively delete one of the two certificates, so I exported both, deleted both, and used an ASCII editor to extract the correct one and reimport it. After restarting httpd, the web gui now works again. Tom ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Certificates not renewed [SOLVED]
Thomas Sailer wrote: I seem to be a victim of BZ 675742 I've fixed this, now I get the following error: Request ID '2016140151': status: CA_UNREACHABLE ca-error: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: FAILURE (Profile caIPAserviceCert Not Found)). chown pkiuser.pkiuser /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg and systemctl restart pki-cad@pki-ca.service has fixed it, all tracked certs are now in MONITORING state Great, thanks for the follow-up. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users