[Freeipa-users] Replica Cert failed to renew ...
Matt Bryant
matthew.bryant at melbourneit.com.au
Thu Jul 31 05:49:13 UTC 2014
All,
Got an issue with an IPA replica in that the certs in /etc/httpd/alias &
/etc/dirsrv/slapd-IPA-REALM have expired.
Have tried setting date back before expiry on the replica and doing an
'ipa-getcert resubmit -i <id>' but that hasn't worked it looks like the
CA master is actually rejecting it since the havent set the date back on
that server.
Error am getting on replica is ...
Request ID '20120719044839':
status: CA_UNREACHABLE
ca-error: Server failed request, will retry: -504 (libcurl failed
to execute the HTTP POST transaction. Peer certificate cannot be
authenticated with known CA certificates).
is there any way of forcing a re-newel or manual process for updating
these certs .. ???
thx & rgds
Matt Bryant
More information about the Freeipa-users
mailing list