<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div dir="ltr" id="yui_3_16_0_1_1428694803812_8168">I've inhereted an IPA infrastructure for a group in my organization.  So I've got a RHEL instance with a IPA 3.0.0 server with expired certs.</div><div dir="ltr" id="yui_3_16_0_1_1428694803812_8166"><br></div><div dir="ltr" class="" style="" id="yui_3_16_0_1_1428694803812_8485">[root@ipa ~]# rpm -qa | grep ipa-server</div><div dir="ltr" class="" style="" id="yui_3_16_0_1_1428694803812_8193">ipa-server-selinux-3.0.0-26.el6_4.2.x86_64</div><div dir="ltr" class="" style="" id="yui_3_16_0_1_1428694803812_8194">ipa-server-3.0.0-26.el6_4.2.x86_64</div><div dir="ltr" class="" style="" id="yui_3_16_0_1_1428694803812_8195">[root@ipa ~]# </div><div dir="ltr" class="" style="" id="yui_3_16_0_1_1428694803812_8195"><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8195" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">[root@ipa ~]# getcert list</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Number of certificates and requests being tracked: 8.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Request ID '20130404232110':</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>status: CA_UNREACHABLE</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>ca-error: Error 7 connecting to http://ipa.infra.idef:9180/ca/ee/ca/profileSubmit: Couldn't connect to server.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>stuck: no</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='242557339296'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>CA: dogtag-ipa-renew-agent</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>issuer: CN=Certificate Authority,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>subject: CN=CA Audit,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>expires: 2017-02-15 19:26:38 UTC</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>key usage: digitalSignature,nonRepudiation</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>pre-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>post-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>track: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>auto-renew: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Request ID '20130404232111':</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>status: CA_UNREACHABLE</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>ca-error: Error 7 connecting to http://ipa.infra.idef:9180/ca/ee/ca/profileSubmit: Couldn't connect to server.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>stuck: no</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='242557339296'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>CA: dogtag-ipa-renew-agent</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>issuer: CN=Certificate Authority,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>subject: CN=OCSP Subsystem,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>expires: 2017-02-15 19:25:38 UTC</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>eku: id-kp-OCSPSigning</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>pre-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>post-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>track: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>auto-renew: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Request ID '20130404232112':</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>status: CA_UNREACHABLE</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>ca-error: Error 7 connecting to http://ipa.infra.idef:9180/ca/ee/ca/profileSubmit: Couldn't connect to server.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>stuck: no</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='242557339296'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>CA: dogtag-ipa-renew-agent</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>issuer: CN=Certificate Authority,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>subject: CN=CA Subsystem,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>expires: 2017-02-15 19:25:38 UTC</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>eku: id-kp-serverAuth,id-kp-clientAuth</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>pre-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>post-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>track: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>auto-renew: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Request ID '20130404232113':</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>status: CA_UNREACHABLE</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>ca-error: Error 7 connecting to http://ipa.infra.idef:9180/ca/ee/ca/profileSubmit: Couldn't connect to server.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>stuck: no</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">     </span>certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>CA: dogtag-ipa-renew-agent</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>issuer: CN=Certificate Authority,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>subject: CN=IPA RA,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>expires: 2017-02-15 19:25:38 UTC</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>eku: id-kp-serverAuth,id-kp-clientAuth</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>pre-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>post-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>track: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>auto-renew: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Request ID '20130404232114':</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>status: CA_UNREACHABLE</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>ca-error: Error 7 connecting to http://ipa.infra.idef:9180/ca/ee/ca/profileSubmit: Couldn't connect to server.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>stuck: no</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='242557339296'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>CA: dogtag-ipa-renew-agent</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>issuer: CN=Certificate Authority,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>subject: CN=ipa.infra.idef,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>expires: 2017-02-15 19:25:38 UTC</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>eku: id-kp-serverAuth,id-kp-clientAuth</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>pre-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>post-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>track: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>auto-renew: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Request ID '20130404232127':</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>status: CA_UNREACHABLE</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>ca-error: Error setting up ccache for "host" service on client using default keytab: Cannot contact any KDC for realm 'IDEF'.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>stuck: no</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-IDEF',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-IDEF/pwdfile.txt'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">     </span>certificate: type=NSSDB,location='/etc/dirsrv/slapd-IDEF',nickname='Server-Cert',token='NSS Certificate DB'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>CA: IPA</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>issuer: CN=Certificate Authority,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>subject: CN=ipa.infra.idef,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>expires: 2015-04-05 23:21:26 UTC</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>eku: id-kp-serverAuth,id-kp-clientAuth</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>pre-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>post-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>track: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>auto-renew: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Request ID '20130404232155':</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>status: CA_UNREACHABLE</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>ca-error: Error setting up ccache for "host" service on client using default keytab: Cannot contact any KDC for realm 'IDEF'.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>stuck: no</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>CA: IPA</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>issuer: CN=Certificate Authority,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>subject: CN=ipa.infra.idef,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>expires: 2015-04-05 23:21:54 UTC</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>eku: id-kp-serverAuth,id-kp-clientAuth</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>pre-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>post-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>track: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>auto-renew: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Request ID '20130404232517':</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>status: CA_UNREACHABLE</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>ca-error: Error setting up ccache for "host" service on client using default keytab: Cannot contact any KDC for realm 'IDEF'.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>stuck: no</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">     </span>CA: IPA</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>issuer: CN=Certificate Authority,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>subject: CN=ipa.infra.idef,O=IDEF</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre"> </span>expires: 2015-04-05 23:25:17 UTC</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">       </span>eku: id-kp-serverAuth,id-kp-clientAuth</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">    </span>pre-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">   </span>post-save command: </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">  </span>track: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><span class="" style="white-space:pre">        </span>auto-renew: yes</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Now, I've tried following the instructions under the following link for fixing expired certs:</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><a href="https://www.freeipa.org/page/Howto/CA_Certificate_Renewal" id="yui_3_16_0_1_1428694803812_8774">https://www.freeipa.org/page/Howto/CA_Certificate_Renewal</a><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">However, I run into a many issues, first I don't know what the <pin> is referenced very early on the instruction set.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">I Googled a bit an saw some advice about rolling the clock back, then restarting certmonger to renew the certs. Here is the output of that process.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">[root@ipa ~]# date</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Thu Apr 10 00:13:51 EDT 2014</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">[root@ipa ~]# /etc/init.d/certmonger restart</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Stopping certmonger:                                       [  OK  ]</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Starting certmonger:                                       [  OK  ]</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">[root@ipa ~]# </div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br class="" style=""></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">That did not work.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Here are some errors from syslog</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br class="" style=""></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Apr 10 00:13:57 ipa certmonger: Error setting up ccache for "host" service on client using default keytab: Cannot contact any KDC for realm ‘MyORG’.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Apr 10 00:13:57 ipa certmonger: Error 7 connecting to http://myhost.mydomain.com:9180/ca/ee/ca/profileSubmit: Couldn't connect to server.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Apr 10 00:13:57 ipa certmonger: Error setting up ccache for "host" service on client using default keytab: Cannot contact any KDC for realm 'MyORG'.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Apr 10 00:13:57 ipa certmonger: Error setting up ccache for "host" service on client using default keytab: Cannot contact any KDC for realm 'MyORG'.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Any ideas would greatly be appreciated.</div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style=""><br></div><div dir="ltr" class="" id="yui_3_16_0_1_1428694803812_8173" style="">Thanks.</div><div dir="ltr" class="" style="" id="yui_3_16_0_1_1428694803812_8173"><br class="" style=""></div></div></body></html>