[Freeipa-users] FreeIPA webserver cert expired.
Rob Crittenden
rcritten at redhat.com
Tue Jun 5 19:33:23 UTC 2012
JR Aquino wrote:
> On Jun 5, 2012, at 11:18 AM, Paul Tader wrote:
>
>> A couple days ago my (apache) certificates expired. Users are able to kinit but tools such as sudo fail because of the expired certificates. Lots of reading/Google'ing later I found this script (steps) to renew these certs:
>
> I'm just curious, but, isn't certmonger supposed to automatically renew these? Is certmonger failing in this case?
Yes, the first thing to do is figure out why certmonger didn't
automatically renew the certificates. Then it should be as simple as
setting the date back, letting certmonger do its thing, then setting it
forward again.
That is very strange certmonger output. You might try setting the date
back a couple of days and trying something like:
ipa-getcert resubmit -i 20110706215145
And see what the status goes to.
rob
More information about the Freeipa-users
mailing list