Dear All
we have a three nodes FreeIPA 4.6.8 installation with third part
certificate (https / dirsrv). This certificate has expired and when I
try to follow the
ipa-cacert-manage install ...
ipa-certupdate I get the error: "cannot connect to
https://ipaserver/ipa/json : [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:618)"
I suppose that this is due to the fact that https connection is blocked
for expired certificate which I can't renew.
Is there a way to bypass this?
I've tried to set a date on the server previous than the expiring one of
the cert, but I get an SASL/GSSAPI error (even if I renew admin ticket).
I was thinking to regenerate /etc/httpd/alias/cert8.db,key3.db with new
cert/key but I don't know how
thank you
regards
Stefano