[Freeipa-users] Ipa replica cannot gen as cert expire which folder I should replace new cert???
Rob Crittenden
rcritten at redhat.com
Tue May 24 14:01:54 UTC 2016
barrykfl at gmail.com wrote:
> hi all:
>
>
> Thx ad title
>
> ipa : ERROR cert validation failed for "CN=server.abc.com
> <http://server.abc.com>,O=WISER S.COM <http://S.COM>"
> ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
> preparation of replica failed: cannot connect to
> 'https://server.ABC.com:944 4/ca/ee/ca/profileSubmitSSLClient':
> (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certi ficate has expired.
> cannot connect to
> 'https://server.ABC.com:9444/ca/ee/ca/profileSubmitSSLClie nt':
> (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
The root of all your problems is that your certificates are expired.
Fixing this should be your priority. This is probably going to involve
going back in time to when the certificates are still valid, restarting
IPA, restarting certmonger and waiting for things to properly renew. It
can take some time as the certificates don't all renew at once.
I suspect that once renewed and returned to current time the rest of
your problems will, for the most part, go away.
rob
More information about the Freeipa-users
mailing list