Hello, i upgrade my centos 7.5 ipaserver to an new version and runned into a few problems.
It seems like 'subsystemCert cert-pki-ca' is expired nearly a month ago (jul 22) and i am not sure how to renew it. When i run the ipa-server-upgrade manual, i run into a error with the ca certificates and in the log i found that line: Internal Database Error encountered: Could not connect to LDAP server host ipababy.int.asta-frankfurt.de port 636 Error netscape.ldap.LDAPException: Unable to create socket: org.mozilla.jss.ssl.SSLSocketException: org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8181) Peer's Certificate has expired. (-1) When i run ipactl start, tomcatd and httpd wont start. I allready tried to turn back time, but i dont know how to manual start pki-tomcatd or any other way to renew the certificates. Or do i look in the wrong diection the whole time? Thank u all for ur help
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/JGRHH7APNV25ZRQHP5IWAWRCNZBRAZLE/
