<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div dir="ltr">[ snip ]<br></div><div id="yui_3_16_0_1_1429208191129_7406"><div id="yui_3_16_0_1_1429208191129_7405"><div class="y_msg_container" id="yui_3_16_0_1_1429208191129_7404" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><div class="qtdSeparateBR"><br><br></div><div class="yqt9125016244" id="yqtfd14153"><br clear="none"><br clear="none">> <br clear="none">> [<a shape="rect" ymailto="mailto:root@ipa" href="mailto:root@ipa">root@ipa</a> ~]# date<br clear="none">> Thu Apr 10 00:13:51 EDT 2014<br clear="none">> [<a shape="rect" ymailto="mailto:root@ipa" href="mailto:root@ipa">root@ipa</a> ~]# /etc/init.d/certmonger restart<br clear="none">> Stopping certmonger:                                       [  OK  ]<br clear="none">> Starting certmonger:                                       [  OK  ]<br clear="none">> [<a shape="rect" ymailto="mailto:root@ipa" href="mailto:root@ipa">root@ipa</a></div> ~]# <br clear="none"><br clear="none">You are going way to far back in time AFAICT. The certs expired on April<br clear="none">5 of this year so you don't need to go back to 2014. Just go back to<br clear="none">April 3 or 4.<br clear="none"><br clear="none">You'll also need to restart IPA before kicking certmonger ipactl restart<br clear="none"><br clear="none">rob<div class="yqt9125016244" id="yqtfd70200"><br clear="none"></div><br>Thanks Rob,</div><div class="y_msg_container" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" id="yui_3_16_0_1_1429208191129_7456"><br></div><div class="y_msg_container" dir="ltr" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;">Following your advice, it looks like only one of the eight certificates are now monitoring.  Check out the following:</div><div class="y_msg_container" dir="ltr" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><br></div><div class="y_msg_container" dir="ltr" id="yui_3_16_0_1_1429208191129_7455"><div class="" dir="ltr" style=""><br class="" style=""></div><div class="" dir="ltr" style="">[root@ipa ~]# getcert list | grep -A1 status</div><div class="" dir="ltr" style=""><span class="" style="white-space:pre">      </span>status: CA_UNREACHABLE</div><div class="" dir="ltr" style=""><span class="" style="white-space:pre">   </span>ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.</div><div class="" dir="ltr" style="">--</div><div class="" dir="ltr" style=""><span class="" style="white-space:pre">  </span>status: CA_UNREACHABLE</div><div class="" dir="ltr" style=""><span class="" style="white-space:pre">   </span>ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.</div><div class="" dir="ltr" style="">--</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7454"><span class="" style="white-space:pre">   </span>status: CA_UNREACHABLE</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7457"><span class="" style="white-space:pre">    </span>ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7473">--</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7474"><span class="" style="white-space:pre">    </span>status: CA_UNREACHABLE</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7475"><span class="" style="white-space:pre">    </span>ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7476">--</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7477"><span class="" style="white-space:pre">    </span>status: CA_UNREACHABLE</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7478"><span class="" style="white-space:pre">    </span>ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7479">--</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7480"><span class="" style="white-space:pre">    </span>status: CA_UNREACHABLE</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7481"><span class="" style="white-space:pre">    </span>ca-error: Server at https://ipa.infra.idef/ipa/xml failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7482">--</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7483"><span class="" style="white-space:pre">   </span>status: CA_UNREACHABLE</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7484"><span class="" style="white-space:pre">    </span>ca-error: Server at https://ipa.infra.idef/ipa/xml failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7485">--</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7486"><span class="" style="white-space:pre">   </span>status: MONITORING</div><div class="" dir="ltr" style="" id="yui_3_16_0_1_1429208191129_7487"><span class="" style="white-space: pre;">      </span>ca-error: Server at https://ipa.infra.idef/ipa/xml denied our request, giving up: 2100 (RPC failed at server.  Insufficient access: hostname in subject of request 'ipa.infra.idef' does not match principal hostname 'ipa').</div></div> <div class="" dir="ltr" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" id="yui_3_16_0_1_1429208191129_7488"><br class="" style=""></div><div class="" dir="ltr" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" id="yui_3_16_0_1_1429208191129_7489">How can I get the remaining certs fixed as well?  Thanks in advance.</div><div class="" dir="ltr" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;" id="yui_3_16_0_1_1429208191129_7490"><br></div></div> </div>  </div></body></html>