Hi Adam,
With the change to ldap instead of ldaps on the CA master that you
suggested, I was able to move the system clock to before the certificate
expiry time and then do
ipactl start --ignore-service-failures
systemctl start pki-tomcat@pki-tomcat.service
then start the pki ca service manually as

Hello,
we hit a similar issue (although due to different conditions - we rotated
the root CA cert and then newly issued certificates were wrongly signed); we
were also unable to start Tomcat. If I remember correctly, we switched Dogtag
to use simple binds instead of TLS to connect to LDAP this way.
1.