On Thu, Jul 13, 2017 at 10:55:39AM +0200, Karl Forner wrote: > Hi, > > > > To recover from this situation you should reinstall the old CA > > certificate via ipa-cacert-manage. If you can't find a copy of that > > lying around you should (for a self-signed IPA CA) be able to > > retrieve it from LDAP under ou=certificateRepository,ou=ca,o=ipaca. > > (Probably cn=1,ou=certificateRepository,ou=ca,o=ipaca but you should > > check the subject and validity before installing it to make sure the > > particulars are correct). The attribution you want is > > 'userCertificate;binary'. > > > > > Actually after ipa-cacert-manage, I used a backup to roll back the changes, > so I do think that my CA has not been actually changed. > I was just surprised not to be able to restart the httpd service, but it > was due to the expired SSL certificate. > Thanks; I missed the detail about the rollback.
> Thanks a lot. > Karl > > > > > > HTH, > > Fraser > > > > > From your description it sounded like you just wanted the CA to issue a > > new > > > certificate for your IPA UI, this you can do via the interface. > > > > > > https://access.redhat.com/documentation/en-US/Red_Hat_ > > Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_ > > Guide/certificates.html#certificate-request-ui > > > > > > > > > > > > On Wed, Jul 12, 2017 at 10:22 AM None via FreeIPA-users < > > > freeipa-users@lists.fedorahosted.org> wrote: > > > > > > > The problem is that the SSL certificate was not renewed by the > > > > "ipa-cacert-manage renew" command. > > > > So the http server refuses to start. > > > > Hence my question: what is the correct way to renew the SSL > > certificate ?? > > > > > > > > Thanks. > > > > _______________________________________________ > > > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > > > To unsubscribe send an email to freeipa-users-leave@lists. > > fedorahosted.org > > > > > > > -- > > > Callum Guy > > > Head of Information Security > > > X-on > > > > > > -- > > > > > > > > > > > > *0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | ** > > > <https://www.linkedin.com/company/x-on> <https://www.facebook.com/ > > XonTel> > > > <https://twitter.com/xonuk> * > > > X-on is a trading name of Storacall Technology Ltd a limited company > > > registered in England and Wales. > > > Registered Office : Avaland House, 110 London Road, Apsley, Hemel > > > Hempstead, Herts, HP3 9SD. Company Registration No. 2578478. > > > The information in this e-mail is confidential and for use by the > > > addressee(s) only. If you are not the intended recipient, please notify > > > X-on immediately on +44(0)333 332 0000 and delete the > > > message from your computer. If you are not a named addressee you must not > > > use, disclose, disseminate, distribute, copy, print or reply to this > > email. Views > > > or opinions expressed by an individual > > > within this email may not necessarily reflect the views of X-on or its > > > associated companies. Although X-on routinely screens for viruses, > > > addressees should scan this email and any attachments > > > for viruses. X-on makes no representation or warranty as to the absence > > of > > > viruses in this email or any attachments. > > > > > > > > _______________________________________________ > > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > > To unsubscribe send an email to freeipa-users-leave@lists. > > fedorahosted.org > > > > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
