[Freeipa-users] Confused with certificate renewal ipa-server-3.0.0.0-37.el6.x86_64

Nalin Dahyabhai nalin at redhat.com
Thu Jan 8 19:07:27 UTC 2015


On Thu, Jan 08, 2015 at 01:27:26PM -0500, John Desantis wrote:
> > Would file corruption within the file of the "Request ID" in
> > /var/lib/certmonger/request have anything to do with this?
> >
> > autorenew=1
> > monitor=1
> > ca_name=dogtag-ipa-retrieve-agent-submit
> > ca_profile=ipaCert
> > submitted=20141228050011
> > cert=ESC[?1034h-----BEGIN CERTIFICATE-----
> >
> > I checked a few other random client nodes (and the master) and none of
> > them are showing this corruption in their requests.
> >
> > I attempted to fix the corruption (editing the file) and subsequently
> > restart certmonger with no luck.

Yes, that'd do it.  The file is saved when the daemon exits, so you'd
need to shut it down before editing it, as Rob suggested.

Alternately, you could update certmonger to at least 0.69 and use
  getcert resubmit -d /etc/httpd/alias -n ipaCert
to force it to re-fetch the data in a way that should avoid triggering
the bug in the ticket Rob linked (which was also #1032760 in Red Hat
bugzilla).

HTH,

Nalin
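
An added example, not part of the original message or of certmonger: a read-only check that scans request files for the kind of terminal escape sequence shown in the quoted `cert=` line. The function names and the sample request are constructed for illustration, and the directory to scan is passed on the command line.

```python
import re
import sys
from pathlib import Path

# ANSI CSI sequence such as ESC[?1034h: ESC '[' params, intermediates, final byte.
CSI = re.compile(rb"\x1b\[[0-?]*[ -/]*[@-~]")
# Any other control byte except tab, LF and CR.
CTRL = re.compile(rb"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
# A key=value line; lines without a key are attributed to the previous key.
KEY = re.compile(rb"^([a-z][a-z0-9_]*)=")

# Constructed sample modelled on the request quoted in the thread.
SAMPLE = (b"autorenew=1\nmonitor=1\n"
          b"ca_name=dogtag-ipa-retrieve-agent-submit\nca_profile=ipaCert\n"
          b"submitted=20141228050011\n"
          b"cert=\x1b[?1034h-----BEGIN CERTIFICATE-----\n"
          b" MIIB(constructed)\n -----END CERTIFICATE-----\n")

def scan(data):
    """Return (line_number, key, escape_sequences, stray_control_bytes) per bad line."""
    findings, key = [], b""
    for lineno, line in enumerate(data.split(b"\n"), 1):
        m = KEY.match(line)
        if m:
            key = m.group(1)
        escapes = CSI.findall(line)
        stray = CTRL.findall(CSI.sub(b"", line))
        if escapes or stray:
            findings.append((lineno, key.decode(),
                             [e.decode("latin-1") for e in escapes], len(stray)))
    return findings

def strip_escapes(data):
    """Return a cleaned copy of the data; nothing is written to disk."""
    return CTRL.sub(b"", CSI.sub(b"", data))

if __name__ == "__main__":
    # Usage: script.py <request-directory>; with no argument, scan the sample.
    if len(sys.argv) > 1:
        for path in sorted(Path(sys.argv[1]).iterdir()):
            if path.is_file():
                for lineno, key, esc, stray in scan(path.read_bytes()):
                    print(f"{path}:{lineno}: key={key} escapes={esc!r} stray={stray}")
    else:
        print(scan(SAMPLE))
```

The script only reports; as the reply above says, the daemon has to be shut down before a request file is edited.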



