_______________________________________________Hi Team,
As we checked pki-tomcatd service was stopped, couldn’t possible to set the clock back as other certificates will not valid
PFB details, please let us know if more details required on this
As you can see Unable to communicate with CMS (404) when performed ipa cert-show for the serial no , ipa version is VERSION: 4.5.0
Please guide us to proceed further
[root@sai ~]# certutil -L -d /etc/pki/pki-tomcat/alias -n "Server-Cert cert-pki-ca" |grep -i after
Not After : Mon Jan 10 06:35:46 2022
[root@sai ~]#
[root@sai ~]# certutil -L -d /etc/pki/pki-tomcat/alias -n "Server-Cert cert-pki-ca" |grep -i before
Not Before: Tue Jan 21 06:35:46 2020
[root@sai ~]#
[root@sai ~]#
[root@sai ~]# certutil -L -d /etc/pki/pki-tomcat/alias -n "Server-Cert cert-pki-ca" |grep -i serial
Serial Number: 80 (0x50)
[root@sai ~]#
[root@sai ~]#
[root@sai ~]# ipa cert-show 80
ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (404)
[root@sai ~]#
[root@sai ~]#
[root@sai ~]# # Not possible to reset clock back , because other certificates were not valid
[root@sai ~]#
[root@sai ~]#
[root@sai ~]#
[root@sai ~]# ipa --version
VERSION: 4.5.0, API_VERSION: 2.228
[root@sai ~]#
[root@sai ~]#
Regards
Sai
DISCLAIMER: The information in this message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Further, this e-mail may contain viruses and all reasonable precaution to minimize the risk arising there from is taken by OnMobile. OnMobile is not liable for any damage sustained by you as a result of any virus in this e-mail. All applicable virus checks should be carried out by you before opening this e-mail or any attachment thereto.
Thank you - OnMobile Global Limited.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue