Hi,
> To recover from this situation you should reinstall the old CA > certificate via ipa-cacert-manage. If you can't find a copy of that > lying around you should (for a self-signed IPA CA) be able to > retrieve it from LDAP under ou=certificateRepository,ou=ca,o=ipaca. > (Probably cn=1,ou=certificateRepository,ou=ca,o=ipaca but you should > check the subject and validity before installing it to make sure the > particulars are correct). The attribution you want is > 'userCertificate;binary'. > Actually after ipa-cacert-manage, I used a backup to roll back the changes, so I do think that my CA has not been actually changed. I was just surprised not to be able to restart the httpd service, but it was due to the expired SSL certificate. Thanks a lot. Karl > HTH, > Fraser > > > From your description it sounded like you just wanted the CA to issue a > new > > certificate for your IPA UI, this you can do via the interface. > > > > https://access.redhat.com/documentation/en-US/Red_Hat_ > Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_ > Guide/certificates.html#certificate-request-ui > > > > > > > > On Wed, Jul 12, 2017 at 10:22 AM None via FreeIPA-users < > > freeipa-users@lists.fedorahosted.org> wrote: > > > > > The problem is that the SSL certificate was not renewed by the > > > "ipa-cacert-manage renew" command. > > > So the http server refuses to start. > > > Hence my question: what is the correct way to renew the SSL > certificate ?? > > > > > > Thanks. > > > _______________________________________________ > > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > > To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > > > > > -- > > Callum Guy > > Head of Information Security > > X-on > > > > -- > > > > > > > > *0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | ** > > <https://www.linkedin.com/company/x-on> <https://www.facebook.com/ > XonTel> > > <https://twitter.com/xonuk> * > > X-on is a trading name of Storacall Technology Ltd a limited company > > registered in England and Wales. > > Registered Office : Avaland House, 110 London Road, Apsley, Hemel > > Hempstead, Herts, HP3 9SD. Company Registration No. 2578478. > > The information in this e-mail is confidential and for use by the > > addressee(s) only. If you are not the intended recipient, please notify > > X-on immediately on +44(0)333 332 0000 and delete the > > message from your computer. If you are not a named addressee you must not > > use, disclose, disseminate, distribute, copy, print or reply to this > email. Views > > or opinions expressed by an individual > > within this email may not necessarily reflect the views of X-on or its > > associated companies. Although X-on routinely screens for viruses, > > addressees should scan this email and any attachments > > for viruses. X-on makes no representation or warranty as to the absence > of > > viruses in this email or any attachments. > > > > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to freeipa-users-leave@lists. > fedorahosted.org > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
