> If tomcat fails to start then you need to stop and figure out why.
Any further poking at certificates won't yield anything useful without a
working CA.
So at all times I should make sure `pki-tomcatd` is working. Well it is
often failing with:
`ipa-pki-wait-running: Request failed
Cristian Le via FreeIPA-users wrote:
> Ok, let me walk through some of the specific errors, and I will also
> censor out some of the output since this is going to the public
> mail-list as well.
>
> Starting from the beginning.
> - I have set the date to `1 month` before certificate expired with
Ok, let me walk through some of the specific errors, and I will also
censor out some of the output since this is going to the public
mail-list as well.
Starting from the beginning.
- I have set the date to `1 month` before certificate expired with `sudo
date`
- I ran `ipactl restart --force`
Hi,
On Fri, Sep 22, 2023 at 12:36 PM Cristian Le wrote:
> Hi Florence,
>
> Thanks for the feedback, let me clarify the situation on the certificates:
> - External CA is still valid and it is a self-signed certificate that we
> use for other services. So we can manually sign any service
Hi Florence,
Thanks for the feedback, let me clarify the situation on the certificates:
- External CA is still valid and it is a self-signed certificate that we
use for other services. So we can manually sign any service certificates
to get them back up and running
- IPA CA is expired, let's
Hi,
On Thu, Sep 21, 2023 at 5:04 PM Cristian Le via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> I have tried my luck around with all the helpers: `pki-server cert-fix`,
> `ipa-cacert-manage`, `ipa-certupdate`, etc. but each one is failing on me
> for multiple reasons.
> -