Hello!
I have inherited a FreeIPA server, and upon checking the certificate list with getcert
list, it shows that the certificate is already expired. Does anyone know how to renew it?
And coz of this issue, I am not able to enroll any any clients. Any help would be
appreciated.
Request ID '20160825909273':
status: CA_UNREACHABLE
ca-error: Server at
https://test.domain.com/ipa/xml failed request, will retry: 907 (RPC
failed at server. cannot connect to
'https://test.domain.com:443/ca/eeca/ca/profileSubmitSSLClient':
(SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your certificate as expired.).
stuck: no
key pair storage:
type=NSSDB,location='/etc/dirsrv/slapd-TEST-DOMAIN-COM',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-TEST-DOMAINCOM/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/dirsrv/slapd-TEST-DOMAIN-COM',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=TEST-DOMAIN-COM
subject:
CN=test.domain.com,O=TEST.DOMAIN.COM
expires: 2023-12-18 15:52:08 UTC
principal name: ldap/test.domain.com(a)TEST.DOMAIN.COM
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv
TEST.DOMAIN.COM
track: yes
auto-renew: yes