[Freeipa-users] Subsystem certs not renewed
Federico Nebiolo
iconeb at yahoo.it
Mon Oct 14 14:45:29 UTC 2013
Dear IPA users,
My IPA 3.0 installation on CentOS 6.4 (coming from a 2.2 upgrade)
suddenly stopped working for the CA part.
I'm not sure this is the root of all the issues, but subsystem
certificates was expired and not renewed: getcert list gives a similar
output for all of them, and I don't know how to proceed.
[]# getcert list -c dogtag-ipa-renew-agent
Request ID '20130902075915':
status: MONITORING
ca-error: No end-entity URL (-E) given, and no default known.
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=XXXX
subject: CN=RA Subsystem,O=XXXX
expires: 2013-10-11 07:44:12 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
track: yes
auto-renew: yes
Do you have any hints on how to solve?
Many thanks in advance
federico
More information about the Freeipa-users
mailing list