[Freeipa-users] freeipa3.0.0 can't renew certificate
hao
hrayha at 163.com
Thu Mar 2 10:40:49 UTC 2017
now I execute getcert list,all certificate status MONITORING,but there was an error
ca-error: Internal error: no response to "http://ipaserver.xxx.io:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=2&renewal=true&xml=true"
At 2017-03-02 11:34:10, "hao" <hrayha at 163.com> wrote:
Hi:
I have finished reading http://www.freeipa.org/page/IPA_2x_Certificate_Renewal , before execute,I stop tracking all cert in `getcert list`
Now, only "issuer: CN=IPA RA,O=XXX.IO " certificate expires at 2018-02-28 08:14:38 UTC,other certificate still expires at 2017-02-15 06:10:36 UTC,
I execute
"for nickname in "auditSigningCert cert-pki-ca" "ocspSigningCert cert-pki-ca" "subsystemCert cert-pki-ca" "Server-Cert cert-pki-ca"
do
/usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n "${nickname}" -c dogtag-ipa-renew-agent -P xxxxxx
done"
and all command in "http://www.freeipa.org/page/IPA_2x_Certificate_Renewal" but still no effect
I've tried “http://www.freeipa.org/page/Certmonger” “http://www.freeipa.org/page/Howto/CA_Certificate_Renewal” “http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master” before that,I'm not sure if there will be an error step
Please help me
Thank you
【网易自营|30天无忧退货】差旅打包必备“MUJI制造商梭织布多层收纳包”,让出行更完美>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170302/d41a474c/attachment.htm>
More information about the Freeipa-users
mailing list