[Freeipa-users] SSL errors ... again

Ok. So once again my IPA server is having cert issues. Everything seems to be working except when I am in the web interface and goto "Authentication" --> "Certificates" --> Click any of the certs in the list. ---- I get this error from the browser.------ IPA ERROR 907: NetworkError cannot connect to https://[myservernamehere.fqdn]:443/ca/agent/ca/displayBySerial' : SSL_HANDSHAKE_FAILURE # getcert list |grep expires  --> everything checks out ok. no expiry on any of the certs --- checked all the certs on there "Not Before" and "Not After" dates for the following NSS db's certutil -L -d /etc/pki/pki-tomcat/alias certutil -L -d /etc/httpd/alias  ---- In /var/log/httpd/error_log, I do see some errors: ---- Bad Remote Server Certificate -8181 SSL Library Error: -8181 Certificate has expired I know it's an expired cert obviously from httpd errorlog but where is the darn thing. I thought i checked all the places and looked ok but I'm definitely missing something.... could use some advice. TIA