[Pki-users] expired pki-server 10.3.3 certificates

Z D zarko at etcfstab.com
Sun Dec 2 02:09:32 UTC 2018 

Thanks Dinesh,

I misread that argument for ca-cert-request-review is serial number, but as you said it has to be request ID.  Indeed, I made progress, and can retrieve renewed Cert:


[root at ca-ldap04 tmp]# pki ca-cert-show 0x8fff0090 --output ipacert.crt
------------------------
Certificate "0x8fff0090"
------------------------
  Serial Number: 0x8fff0090
  Issuer: CN=Certificate Authority,O=DOMAIN.COM
  Subject: CN=IPA RA,O=DOMIAN.COM
  Status: VALID
  Not Before: Fri Aug 10 01:08:19 PDT 2018
  Not After: Thu Jul 30 01:08:19 PDT 2020


I also stopped PKI server, removed old cert from NSS database, and installed new one. This is all for ipaCert. But before I start renewing other ones (audit, ocsp, subsystem), I have to ask next


[1] how to properly convert cert (.crt file) into one line?


I believe I need this in order to update below lines in CS.cfg file.

ca.audit_signing.cert=...
ca.ocsp_signing.cert=...
ca.subsystem.cert=...


Thanks a lot for your support. Zarko

________________________________
From: Dinesh Prasanth Moluguwan Krishnamoorthy <dmoluguw at redhat.com>
Sent: Tuesday, November 27, 2018 9:56 AM
To: Z D; John Magne; pki-users at redhat.com
Subject: Re: [Pki-users] expired pki-server 10.3.3 certificates

ZD,

>From [6], your request ID is 89990160. But, you are passing request ID as 7

Regards,
Dinesh

On Thu, 2018-11-22 at 06:17 +0000, Z D wrote:
[6] Submit cert request, it's pending

# pki ca-cert-request-submit caManualRenewal.xml
-----------------------------
Submitted certificate request
-----------------------------
  Request ID: 89990160
  Type: renewal
  Request Status: pending
  Operation Result: success


[7] This fails with message  "BadRequestException: Request Not In Pending State", as per [6] it should be in pending state

# pki -v -d /etc/httpd/alias -c e7aae6f3eb9a62a54f2dd18b8d814aa4a579a61d -n ipaCert ca-cert-request-review 7 --action approve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20181202/959ea433/attachment.htm>

More information about the Pki-users mailing list