Greetings, all.

I've been observing multiple issues for some time, unable to enroll new clients etc. Finally found out that the possible root cause is the expired Server-Cert cert-pki-ca, and therefore the pki-tomcat service won't start.
Here's the output of getcert list -d /etc/pki/pki-tomcat/alias/:

Request ID '20171204131518':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin set
        certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=....
        subject: CN=....
        expires: 2022-04-25 17:06:51 UTC
        key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth,id-kp-emailProtection
        pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
        post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert "Server-Cert cert-pki-ca"

Other certs in /etc/pki/pki-tomcat/alias/ seem to be OK, except this one. I'd like to understand how to perform the forced update for this one. I assume it must be renewed automatically, though I tried to invoke the post-save command manually, but no luck.

Appreciate any ideas.
