[Freeipa-users] Recovering from messed-up certs

Eric McCoy ctr2sprt at gmail.com
Thu Oct 23 15:40:57 UTC 2014

Hi all,

I somehow destroyed my primary IPA server's Server-Cert in
/etc/httpd/alias.  I don't understand how or why it happened; all I know is
that I went to restart Apache and it was gone.  Apache won't start, of
course, because the cert is missing.  I can't issue a new cert on the
primary because Apache is down.  I tried using the secondary, but it fails
saying that it can't connect to the web server on the primary (it's the
same error message I get when I try to issue a cert from the primary).  I
can't figure out how to tell ipa-getcert et al. to talk to the secondary
and not the primary.  I'm not using DNS for service discovery, so I'm not
sure how the various tools figure out where things are.

This is all on CentOS 6.5 with IPA 3.0.0-37.
