[Freeipa-users] IPA server having cert issues
Bret Wortman
bret.wortman at damascusgrp.com
Wed Apr 27 18:24:14 UTC 2016
I put excerpts from the ca logs in http://pastebin.com/gYgskU79. It
looks logical to me, but I can't spot anything that looks like a root
cause error. The selftests are all okay, I think. The debug log might
have something, but it might also just be complaining about ldap not
being up because it's not.
On 04/27/2016 01:11 PM, Rob Crittenden wrote:
> Bret Wortman wrote:
>> So in lieu of fixing these certs, is there an acceptable way to dump
>> them all and start over /without losing the contents of the IPA
>> database/? Or otherwise really screwing ourselves?
>
> I don't believe there is a way.
>
>> We have a replica that's still up and running and we've switched
>> everyone over to talking to it, but we're at risk with just the one.
>
> I'd ignore the two unknown certs for now. They look like someone was
> experimenting with issuing a cert and didn't quite get things working.
>
> The CA seems to be throwing an error. I'd check the syslog for
> messages from certmonger and look at the CA debug log and selftest log.
>
> rob
>
[snip]
More information about the Freeipa-users
mailing list