[Freeipa-users] Could not find cert: Signing-Cert : File not found
Linov Suresh
linov.suresh at gmail.com
Tue Jul 26 16:20:37 UTC 2016
I was following the same documentation as IPA master for the replica for
the certificate renewal. But was unsuccessful.
Should we use "How do I manually renew Identity Management (IPA)
certificates after they have expired? (Replica IPA Server)" -
https://access.redhat.com/solutions/962373 ?
On Mon, Jul 25, 2016 at 6:17 PM, Linov Suresh <linov.suresh at gmail.com>
wrote:
> We were not sure that Signing-Cert required for LDAP/Apache certificates
> renewal. Thank you very much for your update Rob. We are going to renew the
> certificates without Signing-Cert.
>
> On Mon, Jul 25, 2016 at 6:08 PM, Rob Crittenden <rcritten at redhat.com>
> wrote:
>
>> Linov Suresh wrote:
>>
>>> We are using CentOS 6.4/FreeIPA 3.0.0
>>>
>>> LDAP/Apache certificates were expired and when we tried to renew, we
>>> found Signing-Cert is missing.
>>>
>>> # certutil -L -d /etc/httpd/alias -n Signing-Cert certutil: Could not
>>> find cert: Signing-Cert : File not found
>>>
>>> How do we recreate Signing-Cert certificate? We use master-master
>>> replica. Please help.
>>>
>>>
>>>
>> Only the initial master got a signing cert IIRC. It was used to sign the
>> Firefox configuration jar. Are you using this? Recent versions of Firefox
>> don't allow this kind of signed jar anymore and it has been dropped
>> upstream.
>>
>> Are you just trying to be thorough or is this causing some real problem?
>>
>> rob
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160726/9b187923/attachment.htm>
More information about the Freeipa-users
mailing list