[Pki-users] Urgent Help Needed - CA subsystem certificate renewal
Kamal Perera
techpkiuser at gmail.com
Sat Nov 15 13:42:55 UTC 2014
Dear John (remembering the movie dear John :))
Thank you for replying.
all the four certificates (casubsystemCert, auditSigningCert,
ocspSigningCert and serverCert) were expired, however after several tries,
i was able to renew them by changing the system date back to a valid time
and renew them via the pkiconsole.
Although it was successful, now RA and OCSP are not communicating with the
CA. Which means, OCSP updates are not being published, and RA requests are
not being signed (getting the CA:invalid request error).
Any suggestion?
On Fri, Nov 14, 2014 at 11:41 PM, John Magne <jmagne at redhat.com> wrote:
> Hi:
>
> If you could, could you tell us exactly which certs are expired?
>
> Also, related how much functionality does your CA have? Does it
> even start and field requests?
>
> thanks,
> jack
>
>
>
> ----- Original Message -----
> > From: "pki tech" <techpkiuser at gmail.com>
> > To: pki-users at redhat.com
> > Sent: Thursday, November 13, 2014 10:31:18 PM
> > Subject: [Pki-users] Urgent Help Needed - CA subsystem certificate
> renewal
> >
> > Dear All,
> >
> > In our Issuing CA, all the subsystem certificates are expired except the
> > caSigningCert.
> >
> > I can generate the new certificate requests via certutil, but how can i
> get
> > them signed?
> >
> > your swift response is appreciated.
> >
> > Regards,
> > Kamal
> >
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20141115/8b8fb274/attachment.htm>
More information about the Pki-users
mailing list