<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 25.05.2016 04:36, Barry wrote:<br>
</div>
<blockquote
cite="mid:CAELz9du9dveEsO_Lg2xBmewGG_23=4WS+UT-i64v5SE99C=BeA@mail.gmail.com"
type="cite">
<p dir="ltr">Hi:</p>
<p dir="ltr">Which location i should renew cert?<br>
Http/alias<br>
Etc/dirsrv/slapd*</p>
<p dir="ltr">Enough?</p>
</blockquote>
<br>
We need to know if you have IPA configured with<br>
* externaly signed CA<br>
* or selfsigned CA<br>
* or if you have any other certificates from different CAs<br>
<br>
If I remember correctly you wrote in one email that you have a
certificate from godaddy, which certificate? <br>
<br>
In case you have self signed CA certificate you should follow:
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/Howto/CA_Certificate_Renewal">http://www.freeipa.org/page/Howto/CA_Certificate_Renewal</a><br>
<br>
Martin<br>
<blockquote
cite="mid:CAELz9du9dveEsO_Lg2xBmewGG_23=4WS+UT-i64v5SE99C=BeA@mail.gmail.com"
type="cite">
<div class="gmail_quote">2016年5月24日 下午10:01 於 "Rob Crittenden"
<<a moz-do-not-send="true" href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>>
寫道:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><a
moz-do-not-send="true" href="mailto:barrykfl@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:barrykfl@gmail.com">barrykfl@gmail.com</a></a> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
hi all:<br>
<br>
<br>
Thx ad title<br>
<br>
ipa : ERROR cert validation failed for "CN=<a
moz-do-not-send="true" href="http://server.abc.com"
rel="noreferrer" target="_blank">server.abc.com</a><br>
<<a moz-do-not-send="true" href="http://server.abc.com"
rel="noreferrer" target="_blank">http://server.abc.com</a>>,O=WISER
<a moz-do-not-send="true" href="http://S.COM"
rel="noreferrer" target="_blank">S.COM</a> <<a
moz-do-not-send="true" href="http://S.COM"
rel="noreferrer" target="_blank"><a class="moz-txt-link-freetext" href="http://S.COM">http://S.COM</a></a>>"<br>
((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has
expired.)<br>
preparation of replica failed: cannot connect to<br>
'<a moz-do-not-send="true" href="https://server.ABC.com:944"
rel="noreferrer" target="_blank">https://server.ABC.com:944</a>
4/ca/ee/ca/profileSubmitSSLClient':<br>
(SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certi ficate
has expired.<br>
cannot connect to<br>
'<a moz-do-not-send="true"
href="https://server.ABC.com:9444/ca/ee/ca/profileSubmitSSLClie"
rel="noreferrer" target="_blank">https://server.ABC.com:9444/ca/ee/ca/profileSubmitSSLClie</a>
nt':<br>
(SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has
expired.<br>
</blockquote>
<br>
The root of all your problems is that your certificates are
expired. Fixing this should be your priority. This is probably
going to involve going back in time to when the certificates
are still valid, restarting IPA, restarting certmonger and
waiting for things to properly renew. It can take some time as
the certificates don't all renew at once.<br>
<br>
I suspect that once renewed and returned to current time the
rest of your problems will, for the most part, go away.<br>
<br>
rob<br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>