We have one new customer, they have setup of one single node of IPA on CentOS.
There certificate is expired, and everthing went down.
When we are trying to bring services up.
pki_tomcatd is not starting, another thing is
When we run command > ipactl-getcerts list
One of the certificate is shwoing CA_Unreachable and getting error:
/var/kerberos/krb5kdc/kdc.crt /var/kerberos/krb5kdc/kdc.key
enter image description here
Created new certificate and CA -> it loads certificate, new dates it shows but still says CA unreachable.
girish f via FreeIPA-users wrote:
We have one new customer, they have setup of one single node of IPA on CentOS.
There certificate is expired, and everthing went down.
When we are trying to bring services up.
pki_tomcatd is not starting, another thing is
When we run command > ipactl-getcerts list
One of the certificate is shwoing CA_Unreachable and getting error:
/var/kerberos/krb5kdc/kdc.crt /var/kerberos/krb5kdc/kdc.key
enter image description here
Created new certificate and CA -> it loads certificate, new dates it shows but still says CA unreachable.
Created a new certificate how? If the other certs are expired this is probably the least of your problems.
What version of IPA on what distribution?
rob
freeipa-users@lists.fedorahosted.org