[ snip ]



> 
> [root@ipa ~]# date
> Thu Apr 10 00:13:51 EDT 2014
> [root@ipa ~]# /etc/init.d/certmonger restart
> Stopping certmonger:                                      [  OK  ]
> Starting certmonger:                                      [  OK  ]
> [root@ipa ~]# 

You are going way too far back in time AFAICT. The certs expired on April
5 of this year so you don't need to go back to 2014. Just go back to
April 3 or 4.

You'll also need to restart IPA before kicking certmonger:

ipactl restart

rob

Thanks Rob,
Following your advice, it looks like only one of the eight certificates is now 
monitoring.  Check out the following:

[root@ipa ~]# getcert list | grep -A1 status
status: CA_UNREACHABLE
ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
status: CA_UNREACHABLE
ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
status: CA_UNREACHABLE
ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
status: CA_UNREACHABLE
ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
status: CA_UNREACHABLE
ca-error: Error 60 connecting to https://ipa.infra.idef:9443/ca/agent/ca/profileReview: Peer certificate cannot be authenticated with known CA certificates.
--
status: CA_UNREACHABLE
ca-error: Server at https://ipa.infra.idef/ipa/xml failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).
--
status: CA_UNREACHABLE
ca-error: Server at https://ipa.infra.idef/ipa/xml failed request, will retry: 4301 (RPC failed at server.  Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).
--
status: MONITORING
ca-error: Server at https://ipa.infra.idef/ipa/xml denied our request, giving up: 2100 (RPC failed at server.  Insufficient access: hostname in subject of request 'ipa.infra.idef' does not match principal hostname 'ipa').

How can I get the remaining certs fixed as well?  Thanks in advance.
 