[Freeipa-users] pki-tomcatd fails to start
Rob Crittenden
rcritten at redhat.com
Fri Jan 6 20:23:43 UTC 2017
Jeff Goddard wrote:
> Flo,
>
> I'm not able to access the link you posted. I did find this thread
> though
> https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html
> <https://www.redhat.com/archives/freeipa-users/2015-June/msg00144.html>
> and have set the time back and resubmitted a request. Still no success.
> Any further hints?
You need to stop ntpd, go back in time to when the certs are valid and
restart the certmonger service.
Then use getcert list to monitor things. You really only care about the
CA subsystem certs are this point.
You may need to restart certmonger more than once to get all the certs
updated (you can manually call getcert resubmit -i <id> if you'd prefer).
Once that is done return to present day, restart ntpd then ipactl restart.
rob
More information about the Freeipa-users
mailing list