[Freeipa-users] Expired Certs on 3.0.0 IPA host
Rob Crittenden
rcritten at redhat.com
Wed Apr 8 19:48:25 UTC 2015
John Williams wrote:
> I'm looking at the following link for recovering expired certificates on
> FreeeIPA 3.0.0:
>
> https://www.freeipa.org/page/Howto/CA_Certificate_Renewal
>
>
> Problem is when Iook inside my /etc/pki-ca/CS.cfg file for a
> subsystemCert I do not find one. I see the other three:
>
> auditSigningCert cert-pki-ca => updated
> ocspSigningCert cert-pki-ca => updated
> Server-Cert cert-pki-ca => no cert here
> subsystemCert cert-pki-ca => updated
>
> Has anyone ever run across this? Any suggestions or hints would be
> appreciated. If I role the clock back on my system I can login to IPA,
> but if the time is updated, I cannot login.
>
> Please help.
Why do you need this value? For the record it is ca.sslserver.cert.
rob
More information about the Freeipa-users
mailing list