[Freeipa-users] Replica Cert failed to renew ...

Matt Bryant matthew.bryant at melbourneit.com.au
Thu Jul 31 05:49:13 UTC 2014


All,

Got an issue with an IPA replica in that the certs in /etc/httpd/alias & 
/etc/dirsrv/slapd-IPA-REALM have expired.

Have tried setting date back before expiry on the replica and doing an 
'ipa-getcert resubmit -i <id>' but that hasn't worked; it looks like the 
CA master is actually rejecting it since I haven't set the date back on 
that server.

Error am getting on replica is ...

Request ID '20120719044839':
     status: CA_UNREACHABLE
     ca-error: Server failed request, will retry: -504 (libcurl failed 
to execute the HTTP POST transaction.  Peer certificate cannot be 
authenticated with known CA certificates).

Is there any way of forcing a renewal or manual process for updating 
these certs .. ???

thx & rgds

Matt Bryant



