Hi,
On Mon, Jul 4, 2022 at 11:52 AM roy liang via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
The workaround from the above documentation allows you to start the LDAP server
and the Apache Server even with expired certificates but the other services
may suffer from expired certificates, too.
For instance, when you run the ipa user-show command, this command contacts the
HTTP server, and the application running inside the HTTP server may need to
contact the PKI server (for instance to retrieve certificate information for
the user). This connection between HTTP and PKI is authenticated using the
RA cert, which is also expired, and also needs to be secured using the PKI
server cert, which is also expired.
The workaround allows you to start the services but does not guarantee that all
the commands will work.
Hope this clarifies,
flo
Oh, I reviewed the documentation, and it is true, but it still doesn't
solve the post-certificate fix problem, such as copying a new node.
Thank you for your guidance