### Request for enhancement
((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired
At present, it is an online operation, so I dare not change the configuration at will. I tried to modify the Linux time on the test environment, but there were some unexpected risks. I don't dare change the time online like this. Is there a good way to renew it? Thank you very much.
#### Steps to Reproduce
root@fs-ambari-server:~# ipa host-add fs-hiido-alluxio-12-65-100.hiido.host.yydevops.com
ipa: ERROR: cert validation failed for "CN=fs-hiido-kerberos-server02.hiido.host.yydevops.com,O=YYDEVOPS.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.)
ipa: ERROR: cannot connect to 'https://fs-hiido-kerberos-server02.hiido.host.yydevops.com/ipa/json': (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
root@fs-ambari-server:~#
root@fs-ambari-server:~#
root@fs-ambari-server:~# cat /tmp/kinit_trace
[61194] 1653916457.285087: ccselect module realm chose cache KEYRING:persistent:0:0 with client principal admin(a)YYDEVOPS.COM for server principal HTTP/fs-hiido-kerberos-server02.hiido.host.yydevops.com(a)YYDEVOPS.COM
[61194] 1653916457.285138: Getting credentials admin(a)YYDEVOPS.COM -> HTTP/fs-hiido-kerberos-server02.hiido.host.yydevops.com(a)YYDEVOPS.COM using ccache KEYRING:persistent:0:0
[61194] 1653916457.285216: Retrieving admin(a)YYDEVOPS.COM -> HTTP/fs-hiido-kerberos-server02.hiido.host.yydevops.com(a)YYDEVOPS.COM from KEYRING:persistent:0:0 with result: 0/Success
[61194] 1653916457.285253: Creating authenticator for admin(a)YYDEVOPS.COM -> HTTP/fs-hiido-kerberos-server02.hiido.host.yydevops.com(a)YYDEVOPS.COM, seqnum 746871073, subkey aes256-cts/24EC, session key aes256-cts/BFE5
ssh fs-hiido-kerberos-server02.hiido.host.yydevops.com(a)YYDEVOPS.COM
root@fs-hiido-kerberos-server02:/var/log/ipa# ipa-getcert list
Number of certificates and requests being tracked: 4.
Request ID '20200528083036':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-YYDEVOPS-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-YYDEVOPS-COM/pwdfile.txt'
certificate: type=NSSDB,location='/etc/dirsrv/slapd-YYDEVOPS-COM',nickname='Server-Cert'
CA: IPA
issuer:
subject:
expires: unknown
pre-save command:
post-save command: /usr/lib/ipa/certmonger/restart_dirsrv YYDEVOPS-COM
track: yes
auto-renew: yes
Request ID '20200528083056':
status: CA_UNREACHABLE
ca-error: Server at https://fs-hiido-kerberos-server02.hiido.host.yydevops.com/ipa/xml failed request, will retry: -504 (libcurl failed to execute the HTTP POST transaction, explaining: SSL certificate problem: certificate has expired).
stuck: no
key pair storage: type=FILE,location='/var/lib/ipa/private/httpd.key',pinfile='/var/lib/ipa/passwds/fs-hiido-kerberos-server02.hiido.host.yydevops.com-443-RSA'
certificate: type=FILE,location='/var/lib/ipa/certs/httpd.crt'
CA: IPA
issuer: CN=Certificate Authority,O=YYDEVOPS.COM
subject: CN=fs-hiido-kerberos-server02.hiido.host.yydevops.com,O=YYDEVOPS.COM
expires: 2022-05-29 16:31:00 CST
dns: fs-hiido-kerberos-server02.hiido.host.yydevops.com
principal name: HTTP/fs-hiido-kerberos-server02.hiido.host.yydevops.com(a)YYDEVOPS.COM
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib/ipa/certmonger/restart_httpd
track: yes
auto-renew: yes
#### Version/Release/Distribution
root@fs-hiido-kerberos-server02:/var/log/ipa# ipa --version
VERSION: 4.8.6, API_VERSION: 2.236
Hi,
I have posted this question on Stack Overflow but got no traction:
https://stackoverflow.com/questions/72367227/trying-to-get-hostent-from-a-n…
I'm getting errors "Bug: Trying to get hostent from a name-less server", which I think is the reason I have to do 'kinit user' every few minutes (as it's crashing?).
I have no idea where to start debugging so maybe someone here could help me out?
Thanks!