[Freeipa-users] IPA certificates expired, please help!
Rob Crittenden
rcritten at redhat.com
Fri Jul 15 21:08:56 UTC 2016
Linov Suresh wrote:
> I logged into my IPA master, and found that the cert had expired again,
> we renewed these certificates about 18 months ago.
>
> Our environment is CentOS 6.4 and IPA 3.0.0-26.
>
>
> I followed the Red Hat documentation, How do I manually renew Identity
> Management (IPA) certificates after they have expired? (Master IPA
> Server), https://access.redhat.com/solutions/643753 but no luck.
>
>
> I have also changed the directive "NSSEnforceValidCerts off" in
> /etc/httpd/conf.d/nss.conf and the value of nsslapd-validate-cert is warn.
>
> ldapsearch -x -h localhost -p 7389 -D 'cn=directory manager' -w *******
> -b cn=config | grep nsslapd-validate-cert
>
> nsslapd-validate-cert: warn
>
> Here is my getcert list,
>
> [root@caer ~]# getcert list
It looks like your CA subsystem certificates all renewed successfully; it
is just the webserver and LDAP certificates that need renewing, so that's
good.
What I'd do is go back in time again to, say, Jan 20, 2016, and restart
certmonger. That should make it retry the renewals.
rob
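
An added example, not part of the message above and not code from FreeIPA or certmonger: a shell helper that reads `getcert list` output and reports which tracked requests are already expired at a given UTC time, to confirm that a rollback date such as Jan 20, 2016 falls before the webserver and LDAP certificates expire. The sample output, request IDs and expiry dates are constructed, and `sample_getcert_list` and `expired_at` are hypothetical names.

```shell
#!/bin/bash
# Constructed sample in the layout `getcert list` prints; request IDs, paths
# and expiry dates are made up for this example.
sample_getcert_list() {
cat <<'EOF'
Number of certificates and requests being tracked: 3.
Request ID '20140101000001':
    status: MONITORING
    certificate: type=NSSDB,location='/etc/pki/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca'
    expires: 2018-01-05 10:00:00 UTC
Request ID '20140101000002':
    status: CA_UNREACHABLE
    certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert'
    expires: 2016-01-29 14:09:46 UTC
Request ID '20140101000003':
    status: CA_UNREACHABLE
    certificate: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert'
    expires: 2016-01-29 14:10:02 UTC
EOF
}

# expired_at "YYYY-MM-DD HH:MM:SS"
# Reads `getcert list` output on stdin and prints "request-id status expiry"
# for every tracked certificate already expired at that UTC time.
# Timestamps in this fixed-width format sort lexically, so a string compare works.
expired_at() {
  awk -v now="$1" '
    $1 == "Request" && $2 == "ID" { id = substr($3, 2, length($3) - 3) }
    $1 == "status:"               { status = $2 }
    $1 == "expires:" {
      notafter = $2 " " $3
      if (notafter <= now) print id, status, notafter
    }
  '
}

# On the server: getcert list | expired_at "$(date -u '+%Y-%m-%d %H:%M:%S')"
echo "Expired on Jul 15, 2016:"
sample_getcert_list | expired_at "2016-07-15 21:08:56"
echo "Expired at the rollback date, Jan 20, 2016 (expect none):"
sample_getcert_list | expired_at "2016-01-20 00:00:00"
```

An empty result for the rollback date means every tracked certificate is still inside its validity period at that clock setting.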