[Freeipa-users] Re: Certificate not found: auditSigningCert cert-pki-ca - Can't run pki-tomcatd Service

2020-01-16 Thread Ferdinand Babas via FreeIPA-users
> On 1/16/20 12:26 AM, Ferdinand Babas via FreeIPA-users wrote:
> Hi,
> the cert is present but its private key is missing. It looks like you
> lost many of the private keys on that node, do you have a backup
> somewhere of the NSS database?
> Otherwise, the private key may b

[Freeipa-users] Re: Certificate not found: auditSigningCert cert-pki-ca - Can't run pki-tomcatd Service

2020-01-15 Thread Ferdinand Babas via FreeIPA-users
> On 1/14/20 11:41 PM, Ferdinand Babas via FreeIPA-users wrote:
> Agreed, any date
> between June 1 and June 4 should be ok.
>
> ipaCert is the most important cert to renew and should
> be handled first.
> The man page for getcert-list explains this error as:

[Freeipa-users] Re: Certificate not found: auditSigningCert cert-pki-ca - Can't run pki-tomcatd Service

2020-01-14 Thread Ferdinand Babas via FreeIPA-users
> On 1/9/20 6:44 AM, Ferdinand Babas via FreeIPA-users wrote:
> Hi,
>
> you need to carefully pick the date in the past. At that given date, all
> your certs must be valid (ie notbefore < date < notafter). It's likely
> that you choose a date before the notbef

[Freeipa-users] Re: Certificate not found: auditSigningCert cert-pki-ca - Can't run pki-tomcatd Service

2020-01-08 Thread Ferdinand Babas via FreeIPA-users
> On 1/8/20 3:30 AM, Ferdinand Babas via FreeIPA-users wrote:
> Do you have the file /var/lib/pki/pki-tomcat/conf/password.conf ? Its
> content is usually:
> internal=
> replicationdb=
>
> If it's empty/missing, you can also check if there is a
> /etc/pki/pki-t

[Freeipa-users] Re: Certificate not found: auditSigningCert cert-pki-ca - Can't run pki-tomcatd Service

2020-01-07 Thread Ferdinand Babas via FreeIPA-users
Hi Flo, Thanks for the response.
> On 1/6/20 10:12 PM, Ferdinand Babas via FreeIPA-users wrote:
> Hi,
> this error usually happens when there are issues with the subsystemCert
> cert-pki-ca. According to your certutil output, the cert is missing
> u,u,u flags, can you check if

[Freeipa-users] Certificate not found: auditSigningCert cert-pki-ca - Can't run pki-tomcatd Service

2020-01-06 Thread Ferdinand Babas via FreeIPA-users
Hi All, I've been trying to work through this issue but can't find the magic formula to get it working so I'm turning to the community for help. We are currently running VERSION: 4.4.0, API_VERSION: 2.213 in a 4 node multi master environment and the steps listed below were performed on the IPA