Ok. So once again my IPA server is having cert issues. Everything seems
to be working except when I am in the web interface and goto
"Authentication" --> "Certificates" --> Click any of the certs
in the list.
---- I get this error from the browser.------
IPA ERROR 907: NetworkError
cannot connect to
https://[myservernamehere.fqdn]:443/ca/agent/ca/displayBySerial' :
SSL_HANDSHAKE_FAILURE
# getcert list |grep expires --> everything checks out ok. no expiry on
any of the certs
--- checked all the certs on there "Not Before" and "Not After" dates
for the following NSS db's
certutil -L -d /etc/pki/pki-tomcat/alias
certutil -L -d /etc/httpd/alias
---- In /var/log/httpd/error_log, I do see some errors: ----
Bad Remote Server Certificate -8181
SSL Library Error: -8181 Certificate has expired
I know it's an expired cert obviously from httpd errorlog but where is
the darn thing. I thought i checked all the places and looked ok but I'm
definitely missing something....
could use some advice.
TIA