Hi, thanks for your answer, That seems in line with not being able to communicate with the CA: ``` [root@ldap2 requests]# ipa cert-show 1 ipa: ERROR: cannot connect to 'https://ldap1:443/ca/agent/ca/displayBySerial': (SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your certificate as expired. ```
Unfortunately, I will have no access to the system before next monday to obtain the `getcert list`. The status of the request is 'CA_WORKING' - that much I can tell. I could not see any other response in the logs. (journalctl or /var/log/messages) and the CSR does not seem to arrive at ldap1. But I understand that I could manually bring the CSR to ldap1, sign it there, bring it back... There are, however, a lot of points I'm unsure about. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
