craig.free...@noboost.org wrote:
Well, progress :) just not quite fully fixed; it seems three certificates have updated, just
not the others yet. Do I need to "tell them to update", or let the server roll
over until it hits Jan 14?

Server: Red Hat Enterprise Linux Server release 6.5 (Santiago)
ipa-server-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
---
~/Scripts>date
Sat Jan 11 19:29:02 EST 2014
---
~/Scripts>certutil -L -d /etc/httpd/alias -n ipaCert | grep After
             Not After : Fri Jan 01 07:44:45 2016
---
Ran script:
# Print the expiry date(s) of each CA subsystem certificate in the Dogtag NSS database
for nickname in "auditSigningCert cert-pki-ca" "ocspSigningCert cert-pki-ca" \
                "subsystemCert cert-pki-ca" "Server-Cert cert-pki-ca"
do
     echo "$nickname"
     certutil -L -d /var/lib/pki-ca/alias -n "${nickname}" | grep -i after
done

---
auditSigningCert cert-pki-ca
             Not After : Thu Jul 10 07:45:42 2014
             Not After : Tue Jan 14 06:45:05 2014
ocspSigningCert cert-pki-ca
             Not After : Fri Jan 01 07:44:43 2016
subsystemCert cert-pki-ca
             Not After : Fri Jan 01 07:44:44 2016
Server-Cert cert-pki-ca
             Not After : Tue Jan 14 06:45:05 2014
---

The Apache cert did update, which is good!
~/Scripts>certutil -L -d /etc/httpd/alias -n ipaCert | grep After
             Not After : Fri Jan 01 07:44:45 2016

cya

Craig


For those not yet renewed I'd do a getcert list to find them and getcert resubmit -i <id> to force renewal.

The CA won't start without a valid audit cert.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
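
The find-then-resubmit step suggested in the reply, as an added example that is not part of the original thread: it reads `getcert list` output and prints, without running, a `getcert resubmit -i <id>` line for each request expiring on or before a cutoff. The field layout (Request ID, status, certificate, expires) is assumed from certmonger's usual output, and the request IDs, statuses and sample listing are constructed.

```shell
#!/bin/sh
# Added example: find certmonger requests whose certificate expires on or
# before a cutoff and print (not run) the matching resubmit commands.

# expiring_ids CUTOFF   (CUTOFF: "YYYY-MM-DD HH:MM:SS", UTC)
# stdin: `getcert list` output; stdout: id<TAB>nickname<TAB>expires<TAB>status
expiring_ids() {
    awk -v cutoff="$1" -v q="'" '
        /^Request ID / { id = $3; gsub("[" q ":]", "", id); nick = "?"; status = "?" }
        /^[ \t]*status:/ { status = $2 }
        /^[ \t]*certificate:/ {
            if (match($0, "nickname=" q "[^" q "]*" q))
                nick = substr($0, RSTART + 10, RLENGTH - 11)
        }
        /^[ \t]*expires:/ {
            notafter = $2 " " $3
            # ISO timestamps sort lexically, so a string compare is enough
            if (notafter <= cutoff)
                printf "%s\t%s\t%s\t%s\n", id, nick, notafter, status
        }'
}

# resubmit_commands CUTOFF: one "getcert resubmit -i <id>" line per match
resubmit_commands() {
    expiring_ids "$1" | awk -F '\t' '{ printf "getcert resubmit -i %s\n", $1 }'
}

# Constructed sample standing in for `getcert list` (IDs are made up)
sample_getcert_list() {
    cat <<'EOF'
Request ID '20120101000001':
    status: MONITORING
    certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
    expires: 2016-01-01 07:44:43 UTC
Request ID '20120101000002':
    status: MONITORING
    certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
    expires: 2014-01-14 06:45:05 UTC
Request ID '20120101000003':
    status: CA_UNREACHABLE
    certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
    expires: 2014-01-14 06:45:05 UTC
EOF
}

# Demo on the sample; on a real server: getcert list | resubmit_commands "<cutoff>"
sample_getcert_list | resubmit_commands "2014-02-01 00:00:00"
```

The tab-separated output of `expiring_ids` also carries the status, so a request that is not in MONITORING stands out before anything is resubmitted.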