Hi All,
My subsystem cert appears to have gone out of date, and I'm unable to get it to
update. This has become an issue on my production environment, and my current
work around has been to take the system date back by a month. I've tried the
cert renew tool, but this doesn't seem to have updated this cert.
Is anyone able to point me in the right direction to be able to update this
specific certificate as I've been unable to find anything online.
[auth01 ~]# certutil -L -d /etc/pki/pki-tomcat/alias -n 'subsystemCert
cert-pki-ca'
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 42 (0x2a)
Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: "CN=Certificate Authority,O=INT.I-NEDA.COM"
Validity:
Not Before: Sun Nov 04 08:04:35 2018
Not After : Sat Oct 24 07:04:35 2020
Subject: "CN=CA Subsystem,O=INT.I-NEDA.COM"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
c6:7e:e6:40:8f:6e:77:07:8f:2a:ca:ca:63:63:cf:c6:
5f:1c:09:63:4a:bb:17:68:17:cd:20:9b:f3:b0:5b:c0:
f7:ff:72:07:1d:a2:29:93:61:62:5c:9f:04:d3:cb:7b:
bf:53:de:bb:dd:d6:3f:a1:14:95:04:53:64:87:73:24:
e3:61:66:96:ab:99:1f:2c:da:ec:22:e5:21:b1:5c:d5:
0a:dd:4e:3f:f8:e2:90:a1:55:31:ad:11:2f:3b:d3:90:
14:dc:b7:9d:fc:35:1a:ab:48:27:68:0a:9f:cb:95:14:
00:93:b8:d4:d4:30:de:4e:be:20:a3:01:24:e8:f2:4a:
1a:d2:b6:e0:09:77:3d:24:e3:5a:cf:51:d6:ca:d2:65:
53:62:72:64:fe:7d:53:09:0e:97:b8:61:c9:c8:6d:24:
52:15:f2:bf:40:04:38:24:22:73:fb:80:a0:ff:16:57:
e1:0b:3c:71:02:d7:e6:2e:94:0a:e7:4e:aa:5e:6f:91:
a5:68:65:21:cd:68:0c:2d:5d:53:fa:e0:10:75:47:43:
04:f2:8b:e1:1c:1c:ed:a6:c1:ee:5c:6c:72:51:b5:e6:
cd:f9:06:45:17:00:2b:d7:34:75:8a:59:f2:21:97:c6:
63:d3:6f:54:d9:00:42:74:88:9e:94:d0:d4:d2:a1:b7
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Authority Key Identifier
Key ID:
f2:bb:9c:4f:e3:d8:c3:f9:58:eb:cc:5f:f7:be:8c:d6:
d5:08:c0:3a
Name: Authority Information Access
Method: PKIX Online Certificate Status Protocol
Location:
URI: "http://ipa-ca.int.i-neda.com/ca/ocsp";
Name: Certificate Key Usage
Critical: True
Usages: Digital Signature
Non-Repudiation
Key Encipherment
Data Encipherment
Name: Extended Key Usage
TLS Web Server Authentication Certificate
TLS Web Client Authentication Certificate
Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
Signature:
5f:b7:31:25:10:ef:e7:72:44:8e:94:1d:57:4e:bb:4e:
22:cf:9b:7e:f4:20:a2:fa:96:2a:cf:e9:70:cd:a6:82:
4a:bd:58:4b:a7:df:4d:77:47:ba:65:d0:68:c5:dc:59:
77:7e:bf:36:d3:55:c7:86:d3:16:77:51:46:c2:48:de:
e8:0d:62:05:b9:8c:46:bd:22:7d:8d:d0:ad:5a:64:6b:
9b:7d:ec:4c:e6:05:e7:02:97:cd:01:f5:19:91:15:7e:
cc:41:5b:f2:00:2d:c0:0b:91:9e:62:d5:7a:b2:1e:8f:
32:62:c2:ed:1a:e8:e1:56:32:e0:0e:79:55:a2:49:35:
0e:df:5d:a3:df:e2:dd:58:60:4a:dd:19:92:f7:4d:60:
59:0e:16:b1:ae:32:e6:c5:c5:fa:5b:2f:fe:1d:fe:e9:
ec:67:2b:65:33:f2:57:64:8a:68:f3:91:9b:25:ff:02:
64:4c:a1:6d:fe:f0:73:95:f2:0f:49:fb:3f:85:21:a0:
68:37:dc:cd:73:02:73:20:22:a9:1d:c9:7e:88:4f:9b:
7c:92:f8:c1:50:0f:95:43:48:5b:8b:7f:0f:48:04:a8:
c7:c0:0e:58:7c:86:2c:3a:b5:72:e3:34:3d:d8:0f:26:
eb:44:fa:75:c1:c8:fc:b6:7d:f7:31:91:a4:71:a1:51
Fingerprint (SHA-256):
4F:2A:1B:54:65:B6:09:3E:AD:68:08:92:CB:8D:FE:13:EF:B8:4C:F1:1E:0F:E1:15:13:92:D3:7A:3D:F8:54:44
Fingerprint (SHA1):
03:34:DC:55:F5:00:AF:8C:EF:AC:AA:0D:E0:44:AD:5C:6F:CF:97:A6
Mozilla-CA-Policy: false (attribute missing)
Certificate Trust Flags:
SSL Flags:
User
Email Flags:
User
Object Signing Flags:
User
Thanks for the help,
Marc.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
