Thank you Fraser for the support.
'REALM.COM IPA CA' or caSigningCert is valid for 20 years, should be no problem
here.
But I am afraid I can't find common date for remaining four certs. As per bellow
data:
[1] There is common date for auditSigningCert, subsystemCert and Server-Cert
[2] There is common date for Server-Cert and ocspSigningCert
[3] ocspSigningCert CANNOT have common date with auditSigningCert and subsystemCert
# certutil -L -d /etc/pki/pki-tomcat/alias/ -n 'auditSigningCert cert-pki-ca'
Not Before: Wed Aug 24 20:49:38 2016
Not After : Tue Aug 14 20:49:38 2018
# certutil -L -d /etc/pki/pki-tomcat/alias/ -n 'caSigningCert cert-pki-ca'
Not Before: Wed Aug 24 20:49:35 2016
Not After : Sun Aug 24 20:49:35 2036
# certutil -L -d /etc/pki/pki-tomcat/alias/ -n 'subsystemCert cert-pki-ca'
Not Before: Wed Aug 24 20:49:36 2016
Not After : Tue Aug 14 20:49:36 2018
# certutil -L -d /etc/pki/pki-tomcat/alias/ -n 'Server-Cert cert-pki-ca'
Not Before: Sat Nov 12 16:21:33 2016
Not After : Fri Nov 02 15:21:33 2018
# certutil -L -d /etc/pki/pki-tomcat/alias/ -n 'ocspSigningCert cert-pki-ca'
Not Before: Mon Oct 22 20:15:53 2018
Not After : Sun Oct 11 20:15:53 2020
# certutil -L -d /etc/dirsrv/slapd-REALM-COM -n 'REALM.COM IPA CA'
Not Before: Wed Aug 24 20:49:35 2016
Not After : Sun Aug 24 20:49:35 2036
What would you suggest now ?