/var/lib/certmonger/requests file.
I will take any suggestion even if it is a painful one,.
On 4/14/25 1:19 AM, Florence Blanc-Renaud wrote:
Hi,
On Sun, Apr 13, 2025 at 7:25 PM Mark Selby via FreeIPA-users
wrote:
Our old FreeIPA cluster ipa-server-4.6.8-5.el7 (whic
e older cert pair
but I am unsure of how do accomplish this. Is it as simple as replacing
the cert in the nss db? Do I need to hack a /var/lib/certmonger/requests
file.
I will take any suggestion even if it is a painful one,.
On 4/14/25 1:19 AM, Florence Blanc-Renaud wrote:
Hi,
On Sun, Apr 1
Our old FreeIPA cluster ipa-server-4.6.8-5.el7 (which we will upgrade if/when
this issue resolved) has a non functional CA due to the ocspSigningCert being
expired.
I have tried all of the suggested fixes that others with this issue have
suggested. ipa-cert-fix and running pki-server cert-fix d
Thanks for your reply. I did stop tracking and start tracking with the self
sign attribute. This did not create the certificate that matches my other
servers. All it did was change the CA to SelfSign but everything else was the
same. I think that I may need to issue a new request as it looks lik
My company has 6 FreeIPA servers across 3 different locations. Five of the six
servers are ok, but one we could not login to. The error messages pointed to
the expired certificate located at `/var/kerberos/krb5kdc/kdc.crt`
My question is how do I "properly" renew or recreate this certificate. I
My company has 6 FreeIPA servers across 3 different locations. Five of the six
servers are ok, but one we could not login to. The error messages pointed to
the expired certificate located at `/var/kerberos/krb5kdc/kdc.crt`
My question is how do I "properly" renew or recreate this certificate. I
