[Freeipa-users] Ipa replica cannot gen as cert expire which folder I should replace new cert???
Barry
kliu at alumni.warwick.ac.uk
Wed May 25 02:36:47 UTC 2016
Hi:
Which location i should renew cert?
Http/alias
Etc/dirsrv/slapd*
Enough?
2016年5月24日 下午10:01 於 "Rob Crittenden" <rcritten at redhat.com> 寫道:
> barrykfl at gmail.com wrote:
>
>> hi all:
>>
>>
>> Thx ad title
>>
>> ipa : ERROR cert validation failed for "CN=server.abc.com
>> <http://server.abc.com>,O=WISER S.COM <http://S.COM>"
>> ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
>> preparation of replica failed: cannot connect to
>> 'https://server.ABC.com:944 4/ca/ee/ca/profileSubmitSSLClient':
>> (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certi ficate has expired.
>> cannot connect to
>> 'https://server.ABC.com:9444/ca/ee/ca/profileSubmitSSLClie nt':
>> (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
>>
>
> The root of all your problems is that your certificates are expired.
> Fixing this should be your priority. This is probably going to involve
> going back in time to when the certificates are still valid, restarting
> IPA, restarting certmonger and waiting for things to properly renew. It can
> take some time as the certificates don't all renew at once.
>
> I suspect that once renewed and returned to current time the rest of your
> problems will, for the most part, go away.
>
> rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160525/7d11dd1f/attachment.htm>
More information about the Freeipa-users
mailing list