Hi,
On Mon, Jul 4, 2022 at 11:52 AM roy liang via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
The workaround from the above documentation allows the LDAP server and the Apache server to start even with expired certificates, but the other services may suffer from expired certificates, too. For instance, when you run the ipa user-show command, this command contacts the HTTP server, and the application running inside the HTTP server may need to contact the PKI server (for instance to retrieve certificate information for the user). This connection between HTTP and PKI is authenticated using the RA cert, which is also expired, and also needs to be secured using the PKI server cert, which is also expired.
The workaround allows the services to start but does not guarantee that all the commands will work.
Hope this clarifies,
flo
Oh, I reviewed the documentation, and it is true, but it still doesn't solve the post-certificate fix problem, such as copying a new node.
Thank you for your guidance.