[Pki-users] Urgent Help Needed - CA subsystem certificate renewal

Ade Lee alee at redhat.com
Tue Nov 18 15:27:52 UTC 2014 

The RA communicates with the CA using its subsystem cert.
Is that cert expired too?

You should look at the logs on the RA and the CA to try to see why the
requests are not being processed correctly.

Ade

On Sat, 2014-11-15 at 19:12 +0530, Kamal Perera wrote:
> Dear John (remembering the movie dear John :))
> 
> 
> Thank you for replying.
> 
> 
> all the four certificates (casubsystemCert, auditSigningCert,
> ocspSigningCert and serverCert) were expired, however after several
> tries, i was able to renew them by changing the system date back to a
> valid time and renew them via the pkiconsole. 
> 
> 
> Although it was successful, now RA and OCSP are not communicating with
> the CA. Which means, OCSP updates are not being published, and RA
> requests are not being signed (getting the CA:invalid request error).
> 
> 
> Any suggestion?
> 
> 
> On Fri, Nov 14, 2014 at 11:41 PM, John Magne <jmagne at redhat.com>
> wrote:
>         Hi:
>         
>         If you could, could you tell us exactly which certs are
>         expired?
>         
>         Also, related how much functionality does your CA have? Does
>         it
>         even start and field requests?
>         
>         thanks,
>         jack
>         
>         
>         
>         ----- Original Message -----
>         > From: "pki tech" <techpkiuser at gmail.com>
>         > To: pki-users at redhat.com
>         > Sent: Thursday, November 13, 2014 10:31:18 PM
>         > Subject: [Pki-users] Urgent Help Needed - CA subsystem
>         certificate renewal
>         >
>         > Dear All,
>         >
>         > In our Issuing CA, all the subsystem certificates are
>         expired except the
>         > caSigningCert.
>         >
>         > I can generate the new certificate requests via certutil,
>         but how can i get
>         > them signed?
>         >
>         > your swift response is appreciated.
>         >
>         > Regards,
>         > Kamal
>         >
>         
>         > _______________________________________________
>         > Pki-users mailing list
>         > Pki-users at redhat.com
>         > https://www.redhat.com/mailman/listinfo/pki-users
> 
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list