[Freeipa-devel] certificate renewal
Vaede, Roger (Contractor)
Roger.Vaede at fincen.gov
Wed Oct 30 18:05:44 UTC 2013
I have two IPA servers, one primary and one is backup. (Redhat 5)
The primary servers certificate has expired.
I am not able to renew it.
I turned off the ssl on the clients and now the users can login.
I did a lot of research on certificate renewal and I am lost at this point.
I am able to make changes using the backup IPA server.
[root at xxxxx01 ~]# ipa-getcert list
Number of certificates and requests being tracked: 3.
Request ID '20131023184633':
status: CA_UNCONFIGURED
ca-error: Unable to determine principal name for signing request.
stuck: yes
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='/usr/share/ipa/html/ca.crt',token='NSS Certificate DB'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='/usr/share/ipa/html/ca.crt'
CA: IPA
issuer:
subject:
expires: unknown
track: yes
auto-renew: yes
Request ID '20131023184901':
status: CA_UNCONFIGURED
ca-error: Unable to determine principal name for signing request.
stuck: yes
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='/etc/httpd/conf/ssl.crt/hqfincen_root_ca.cer',token='NSS Certifica te DB'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='/etc/httpd/conf/ssl.crt/xxxxxx_root_ca.cer'
CA: IPA
issuer:
subject:
expires: unknown
track: yes
auto-renew: yes
Request ID '20131021155935':
status: NEED_KEY_GEN_PIN
stuck: yes
key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ServerCert'
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ServerCert'
CA: IPA
issuer:
subject:
expires: unknown
track: yes
auto-renew: yes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20131030/8219384c/attachment.htm>
More information about the Freeipa-devel
mailing list