Hi All,
My subsystem cert appears to have gone out of date, and I'm unable to get it to update. This has become an issue on my production environment, and my current work around has been to take the system date back by a month. I've tried the cert renew tool, but this doesn't seem to have updated this cert.
Is anyone able to point me in the right direction to be able to update this specific certificate as I've been unable to find anything online.
[auth01 ~]# certutil -L -d /etc/pki/pki-tomcat/alias -n 'subsystemCert cert-pki-ca' Certificate: Data: Version: 3 (0x2) Serial Number: 42 (0x2a) Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: "CN=Certificate Authority,O=INT.I-NEDA.COM" Validity: Not Before: Sun Nov 04 08:04:35 2018 Not After : Sat Oct 24 07:04:35 2020 Subject: "CN=CA Subsystem,O=INT.I-NEDA.COM" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c6:7e:e6:40:8f:6e:77:07:8f:2a:ca:ca:63:63:cf:c6: 5f:1c:09:63:4a:bb:17:68:17:cd:20:9b:f3:b0:5b:c0: f7:ff:72:07:1d:a2:29:93:61:62:5c:9f:04:d3:cb:7b: bf:53:de:bb:dd:d6:3f:a1:14:95:04:53:64:87:73:24: e3:61:66:96:ab:99:1f:2c:da:ec:22:e5:21:b1:5c:d5: 0a:dd:4e:3f:f8:e2:90:a1:55:31:ad:11:2f:3b:d3:90: 14:dc:b7:9d:fc:35:1a:ab:48:27:68:0a:9f:cb:95:14: 00:93:b8:d4:d4:30:de:4e:be:20:a3:01:24:e8:f2:4a: 1a:d2:b6:e0:09:77:3d:24:e3:5a:cf:51:d6:ca:d2:65: 53:62:72:64:fe:7d:53:09:0e:97:b8:61:c9:c8:6d:24: 52:15:f2:bf:40:04:38:24:22:73:fb:80:a0:ff:16:57: e1:0b:3c:71:02:d7:e6:2e:94:0a:e7:4e:aa:5e:6f:91: a5:68:65:21:cd:68:0c:2d:5d:53:fa:e0:10:75:47:43: 04:f2:8b:e1:1c:1c:ed:a6:c1:ee:5c:6c:72:51:b5:e6: cd:f9:06:45:17:00:2b:d7:34:75:8a:59:f2:21:97:c6: 63:d3:6f:54:d9:00:42:74:88:9e:94:d0:d4:d2:a1:b7 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Authority Key Identifier Key ID: f2:bb:9c:4f:e3:d8:c3:f9:58:eb:cc:5f:f7:be:8c:d6: d5:08:c0:3a
Name: Authority Information Access Method: PKIX Online Certificate Status Protocol Location: URI: "http://ipa-ca.int.i-neda.com/ca/ocsp"
Name: Certificate Key Usage Critical: True Usages: Digital Signature Non-Repudiation Key Encipherment Data Encipherment
Name: Extended Key Usage TLS Web Server Authentication Certificate TLS Web Client Authentication Certificate
Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption Signature: 5f:b7:31:25:10:ef:e7:72:44:8e:94:1d:57:4e:bb:4e: 22:cf:9b:7e:f4:20:a2:fa:96:2a:cf:e9:70:cd:a6:82: 4a:bd:58:4b:a7:df:4d:77:47:ba:65:d0:68:c5:dc:59: 77:7e:bf:36:d3:55:c7:86:d3:16:77:51:46:c2:48:de: e8:0d:62:05:b9:8c:46:bd:22:7d:8d:d0:ad:5a:64:6b: 9b:7d:ec:4c:e6:05:e7:02:97:cd:01:f5:19:91:15:7e: cc:41:5b:f2:00:2d:c0:0b:91:9e:62:d5:7a:b2:1e:8f: 32:62:c2:ed:1a:e8:e1:56:32:e0:0e:79:55:a2:49:35: 0e:df:5d:a3:df:e2:dd:58:60:4a:dd:19:92:f7:4d:60: 59:0e:16:b1:ae:32:e6:c5:c5:fa:5b:2f:fe:1d:fe:e9: ec:67:2b:65:33:f2:57:64:8a:68:f3:91:9b:25:ff:02: 64:4c:a1:6d:fe:f0:73:95:f2:0f:49:fb:3f:85:21:a0: 68:37:dc:cd:73:02:73:20:22:a9:1d:c9:7e:88:4f:9b: 7c:92:f8:c1:50:0f:95:43:48:5b:8b:7f:0f:48:04:a8: c7:c0:0e:58:7c:86:2c:3a:b5:72:e3:34:3d:d8:0f:26: eb:44:fa:75:c1:c8:fc:b6:7d:f7:31:91:a4:71:a1:51 Fingerprint (SHA-256): 4F:2A:1B:54:65:B6:09:3E:AD:68:08:92:CB:8D:FE:13:EF:B8:4C:F1:1E:0F:E1:15:13:92:D3:7A:3D:F8:54:44 Fingerprint (SHA1): 03:34:DC:55:F5:00:AF:8C:EF:AC:AA:0D:E0:44:AD:5C:6F:CF:97:A6
Mozilla-CA-Policy: false (attribute missing) Certificate Trust Flags: SSL Flags: User Email Flags: User Object Signing Flags: User
Thanks for the help,
Marc.
freeipa-users@lists.fedorahosted.org