[Freeipa-users] Expired Certs
John Williams
john.1209 at yahoo.com
Fri Apr 17 13:28:00 UTC 2015
> You are going way to far back in time AFAICT. The certs expired on April
> 5 of this year so you don't need to go back to 2014. Just go back to
> April 3 or 4.
> You'll also need to restart IPA before kicking certmonger ipactl restart
> rob
******* SNIP *******
Thanks!!
Following your advice, it looks like only one of the eight certificates are now monitoring. Check out the following:
[root at ipa ~]# getcert list | grep -A1 status status: CA_UNREACHABLE ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.-- status: CA_UNREACHABLE ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.-- status: CA_UNREACHABLE ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.-- status: CA_UNREACHABLE ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.-- status: CA_UNREACHABLE ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.-- status: CA_UNREACHABLE ca-error: Server at https://ipa.infra.idef/ipa/xml failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).-- status: CA_UNREACHABLE ca-error: Server at https://ipa.infra.idef/ipa/xml failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).-- status: MONITORING ca-error: Server at https://ipa.infra.idef/ipa/xml denied our request, giving up: 2100 (RPC failed at server. Insufficient access: hostname in subject of request 'ipa.infra.idef' does not match principal hostname 'ipa').
How can I get the remaining certs fixed as well? Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150417/c2819d34/attachment.htm>
More information about the Freeipa-users
mailing list