[Freeipa-users] Upgrade/Migration steps

Joshua J. Kugler joshua at azariah.com
Wed Jun 19 21:47:13 UTC 2013


So, first roadblock encountered.

One of the reasons we're migrating off of this machine (besides the fact that 
it is OLD) is that the root CA cert has expired (the one used by Tomcat), and so 
far I haven't found any documentation on renewing it. Well, that presents a 
problem (see attached).

It can't create a cert for the replica, because the root CA cert is expired. 
:)

Can someone point me to docs that outline the steps for renewing the root CA 
cert?

I would be most grateful.

j

-- 
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/  ID 0x73B13B6A
-------------- next part --------------
# ipa-replica-prepare ipan.lab.whamcloud.com
Directory Manager (existing master) password: 

Preparing replica for ipan.lab.whamcloud.com from ipa0.lab.whamcloud.com
Creating SSL certificate for the Directory Server
ipa: INFO: sslget 'https://ipa0.lab.whamcloud.com:9444/ca/ee/ca/profileSubmitSSLClient'
ipa: ERROR: cert validation failed for "CN=ipa0.lab.whamcloud.com,O=LAB.WHAMCLOUD.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
preparation of replica failed: cannot connect to 'https://ipa0.lab.whamcloud.com:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
cannot connect to 'https://ipa0.lab.whamcloud.com:9444/ca/ee/ca/profileSubmitSSLClient': [Errno -8181] (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
  File "/usr/sbin/ipa-replica-prepare", line 438, in <module>
    main()

  File "/usr/sbin/ipa-replica-prepare", line 336, in main
    export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dscert", replica_fqdn, subject_base)

  File "/usr/sbin/ipa-replica-prepare", line 135, in export_certdb
    raise e

