[Freeipa-devel] certificate renewal
Vaede, Roger (Contractor)
Roger.Vaede at fincen.gov
Wed Oct 30 18:36:56 UTC 2013
I never installed freeipa, the person that installed it left the company.
I removed the request ID at one point by using the stop-tracking command then I used this command to reinstate them:
ipa-getcert start-tracking -d /var/lib/pki-ca/alias -n ServerCert -r
Initially they expired around October 25th.
Regards
Roger
-----Original Message-----
From: Rob Crittenden [mailto:rcritten at redhat.com]
Sent: Wednesday, October 30, 2013 2:30 PM
To: Vaede, Roger (Contractor); 'freeipa-devel at redhat.com'
Subject: Re: [Freeipa-devel] certificate renewal
Vaede, Roger (Contractor) wrote:
> I have two IPA servers, one primary and one is backup. (Redhat 5)
What version of ipa-server is this?
> The primary servers certificate has expired.
>
> I am not able to renew it.
>
> I turned off the ssl on the clients and now the users can login.
>
> I did a lot of research on certificate renewal and I am lost at this point.
>
> I am able to make changes using the backup IPA server.
This getcert output is quite strange. Did you start these tracking yourself?
Did you replace the IPA CA certificate at some point?
rob
More information about the Freeipa-devel
mailing list