[Freeipa-users] Ipa replica cannot gen as cert expire which folder I should replace new cert???
Martin Basti
mbasti at redhat.com
Wed May 25 11:30:35 UTC 2016
On 25.05.2016 04:36, Barry wrote:
>
> Hi:
>
> Which location i should renew cert?
> Http/alias
> Etc/dirsrv/slapd*
>
> Enough?
>
We need to know if you have IPA configured with
* externaly signed CA
* or selfsigned CA
* or if you have any other certificates from different CAs
If I remember correctly you wrote in one email that you have a
certificate from godaddy, which certificate?
In case you have self signed CA certificate you should follow:
http://www.freeipa.org/page/Howto/CA_Certificate_Renewal
Martin
> 2016年5月24日 下午10:01 於 "Rob Crittenden" <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> 寫道:
>
> barrykfl at gmail.com <mailto:barrykfl at gmail.com> wrote:
>
> hi all:
>
>
> Thx ad title
>
> ipa : ERROR cert validation failed for
> "CN=server.abc.com <http://server.abc.com>
> <http://server.abc.com>,O=WISER S.COM <http://S.COM>
> <http://S.COM>"
> ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
> preparation of replica failed: cannot connect to
> 'https://server.ABC.com:944
> 4/ca/ee/ca/profileSubmitSSLClient':
> (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certi ficate
> has expired.
> cannot connect to
> 'https://server.ABC.com:9444/ca/ee/ca/profileSubmitSSLClie
> nt':
> (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
>
>
> The root of all your problems is that your certificates are
> expired. Fixing this should be your priority. This is probably
> going to involve going back in time to when the certificates are
> still valid, restarting IPA, restarting certmonger and waiting for
> things to properly renew. It can take some time as the
> certificates don't all renew at once.
>
> I suspect that once renewed and returned to current time the rest
> of your problems will, for the most part, go away.
>
> rob
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160525/b5d540ea/attachment.htm>
More information about the Freeipa-users
mailing list