i renewd kdc.key and kdc.crt as below:
sudo ipa-pkinit-manage disable
sudo rm -f /var/kerberos/krb5kdc/kdc.crt
sudo rm -f /var/kerberos/krb5kdc/kdc.key
sudo ipa-pkinit-manage enable -->this will generate new certificates
sudo systemctl start krb5kdc
sudo systemctl start kadmin
--
Hi Mark,
Can yo assist me in creating new certificate, when i created new self signed
certificate it's showing. CA_UNREACHABLE
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
Thanks for your reply. I did stop tracking and start tracking with the self
sign attribute. This did not create the certificate that matches my other
servers. All it did was change the CA to SelfSign but everything else was the
same. I think that I may need to issue a new request as it looks
Mark Selby via FreeIPA-users wrote:
> My company has 6 FreeIPA servers across 3 different locations. Five of the
> six servers are ok, but one we could not login to. The error messages pointed
> to the expired certificate located at `/var/kerberos/krb5kdc/kdc.crt`
>
> My question is how do I
