Hi, On Thu, May 5, 2022 at 5:31 PM john john via FreeIPA-users < [email protected]> wrote:
> I appreciate all the help you provide. > > getcert list -d /etc/pki/pki-tomcat/alias | egrep "certificate:|expires" > certificate: > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert > cert-pki-ca',token='NSS Certificate DB' > expires: 2024-03-05 17:47:13 UTC > certificate: > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert > cert-pki-ca',token='NSS Certificate DB' > expires: 2024-03-07 17:47:15 UTC > ocspSigningCert cert-pki-ca will expire on 2024-03-07, which means it was renewed around 2022-03-17 (validity is 740 days = 2 years minus 10 days). If you pick March 8, 2022, then this cert is not valid yet and prevents the startup of PKI. Check the exact date it was issued and pick a date after that one. flo > certificate: > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert > cert-pki-ca',token='NSS Certificate DB' > expires: 2024-03-05 17:47:23 UTC > certificate: > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert > cert-pki-ca',token='NSS Certificate DB' > expires: 2038-05-10 15:56:32 UTC > certificate: > type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert > cert-pki-ca',token='NSS Certificate DB' > expires: 2022-04-15 04:47:25 UTC > > Only one certificate expired in April - 'Server-Cert cert-pki-ca' > Why March 8 didn’t come, I don’t understand. > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
