rui liang via FreeIPA-users wrote: > new freeipa(4.3) client ipa-replica-install unsuccessful > root@fs-hiido-ipa-ca-64-252:/var/lib/certmonger/requests# cat 20220607091036 > id=20220607091036 > key_type=RSA > key_gen_type=RSA > key_size=2048 > key_gen_size=2048 > key_next_type=UNSPECIFIED > key_next_gen_type=RSA > key_next_size=0 > key_next_gen_size=2048 > key_preserve=0 > key_storage_type=NSSDB > key_storage_location=/etc/dirsrv/slapd-YYDEVOPS-COM > key_token=NSS Certificate DB > key_nickname=Server-Cert > key_pin_file=/etc/dirsrv/slapd-YYDEVOPS-COM//pwdfile.txt > key_perms=0 > key_pubkey=3082010A0282010100ABAE6132CE275098AE738330F45086F71F725B80C43034EDBA8CF3D9A5D17515F4B07B2409C0D45B74885870CE48BD169D5EE1D06262C85291D692505BD7895FD09754F5D186DD0509DCF620649842F37AFFD45FD124AE40988557430C237C598F49CB845630DF0C1CE12BEB4E74CA5278398730094E7868794B75F6F572F205D0567EC509E35EDB7CB26AAF8C4713C828EB81EE39A13F7568009585C3C1EBA35833C7F30691580ABC0D85811097E74FCD502BA73709B350A74C8CBED646AD01A40E4D71AFE7FBBD11B96BD0A1975E267C54AA1A7C29C5EF20E349E200CFCC58BD748497DFF29EC87B4A39A121B6C79573A0C59943F1C7981691CD01C44B675D0203010001 > key_pubkey_info=30820122300D06092A864886F70D01010105000382010F003082010A0282010100ABAE6132CE275098AE738330F45086F71F725B80C43034EDBA8CF3D9A5D17515F4B07B2409C0D45B74885870CE48BD169D5EE1D06262C85291D692505BD7895FD09754F5D186DD0509DCF620649842F37AFFD45FD124AE40988557430C237C598F49CB845630DF0C1CE12BEB4E74CA5278398730094E7868794B75F6F572F205D0567EC509E35EDB7CB26AAF8C4713C828EB81EE39A13F7568009585C3C1EBA35833C7F30691580ABC0D85811097E74FCD502BA73709B350A74C8CBED646AD01A40E4D71AFE7FBBD11B96BD0A1975E267C54AA1A7C29C5EF20E349E200CFCC58BD748497DFF29EC87B4A39A121B6C79573A0C59943F1C7981691CD01C44B675D0203010001 > key_generated_date=20220607091036 > key_requested_count=1 > key_issued_count=0 > cert_storage_type=NSSDB > cert_storage_location=/etc/dirsrv/slapd-YYDEVOPS-COM > cert_nickname=Server-Cert > cert_perms=0 > cert_is_ca=0 > cert_ca_path_length=0 > cert_no_ocsp_check=0 > last_need_notify_check=19700101000000 > last_need_enroll_check=19700101000000 > template_subject=fs-hiido-ipa-ca-64-252.hiido.host.yydevops.com > template_principal=ldap/[email protected] > template_is_ca=0 > template_ca_path_length=0 > template_no_ocsp_check=0 > csr=-----BEGIN NEW CERTIFICATE REQUEST----- > MIIDsDCCApgCAQAwOTE3MDUGA1UEAxMuZnMtaGlpZG8taXBhLWNhLTY0LTI1Mi5o > aWlkby5ob3N0Lnl5ZGV2b3BzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC > AQoCggEBAKuuYTLOJ1CYrnODMPRQhvcfcluAxDA07bqM89ml0XUV9LB7JAnA1Ft0 > iFhwzki9Fp1e4dBiYshSkdaSUFvXiV/Ql1T10YbdBQnc9iBkmELzev/UX9EkrkCY > hVdDDCN8WY9Jy4RWMN8MHOEr6050ylJ4OYcwCU54aHlLdfb1cvIF0FZ+xQnjXtt8 > smqvjEcTyCjrge45oT91aACVhcPB66NYM8fzBpFYCrwNhYEQl+dPzVArpzcJs1Cn > TIy+1katAaQOTXGv5/u9Eblr0KGXXiZ8VKoafCnF7yDjSeIAz8xYvXSEl9/ynsh7 > SjmhIbbHlXOgxZlD8ceYFpHNAcRLZ10CAwEAAaCCATAwJQYJKoZIhvcNAQkUMRge > FgBTAGUAcgB2AGUAcgAtAEMAZQByAHQwggEFBgkqhkiG9w0BCQ4xgfcwgfQwgcEG > A1UdEQEBAASBtjCBs6BQBgorBgEEAYI3FAIDoEIMQGxkYXAvZnMtaGlpZG8taXBh > LWNhLTY0LTI1Mi5oaWlkby5ob3N0Lnl5ZGV2b3BzLmNvbUBZWURFVk9QUy5DT02g > XwYGKwYBBQICoFUwU6AOGwxZWURFVk9QUy5DT02hQTA/oAMCAQGhODA2GwRsZGFw > Gy5mcy1oaWlkby1pcGEtY2EtNjQtMjUyLmhpaWRvLmhvc3QueXlkZXZvcHMuY29t > MAwGA1UdEwEB/wQCMAAwIAYDVR0OAQEABBYEFFmNcihY2hfR8EtJHZbaKlJPQAvN > MA0GCSqGSIb3DQEBCwUAA4IBAQBkxhUjn13xm66r2vBWLjUu74PeuhTvmChkLxQN > 0XWrf8OJ6rl6Lcf4RQYQe6E4xJ6yyVGdM8kPaFQ7W7SYli95r5tVn4LpENYCTewb > q/tqWWLjcgRdk/hBrSknyCBEY1Idf0krbIEJK2vGqbi5ajFZhjlTQ2uiec0k7Wls > EpVFcGkFpgsFBuKKeO3H+Xj+2+w29jnkwXrmu6N4FKh+ikFDQBzy2pO6u/+pIvqq > 9QTpx517GWuLwze4vcIa6xtBAuiq40+A00tWi5exmYCNi7rxpvI56zAvtvN9vMbP > gqfDTBOhPx/4f3WFqAmfWZcGWSmw+xOQzhqPhMxj5Q5cWDsS > -----END NEW CERTIFICATE REQUEST----- > spkac=MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrmEyzidQmK5zgzD0UIb3H3JbgMQwNO26jPPZpdF1FfSweyQJwNRbdIhYcM5IvRadXuHQYmLIUpHWklBb14lf0JdU9dGG3QUJ3PYgZJhC83r/1F/RJK5AmIVXQwwjfFmPScuEVjDfDBzhK+tOdMpSeDmHMAlOeGh5S3X29XLyBdBWfsUJ417bfLJqr4xHE8go64HuOaE/dWgAlYXDweujWDPH8waRWAq8DYWBEJfnT81QK6c3CbNQp0yMvtZGrQGkDk1xr+f7vRG5a9Chl14mfFSqGnwpxe8g40niAM/MWL10hJff8p7Ie0o5oSG2x5VzoMWZQ/HHmBaRzQHES2ddAgMBAAEWADANBgkqhkiG9w0BAQsFAAOCAQEAOegGLgw81dvQa4LfvEybdeiTwKke9SnXfalpsWoGOsFx8arsLvhihDL0Ai3ZKeVjJTNlq9+1klq2AfAC7s9xC5oIK3YyFVvzSIAhwxiBvAtBe8KwwVfZnNB0HKroXIkn0JrGlyb1fheePSKIZCs1THwFigYSp3MTo0j3wNSFKgusJ+7RH0sLYO/5AwJ4JrqO4xPLz7rSfDbMgep7Qg+Ylv2YIXGecH2Hft/0LLchxbbCJd2OnKNvEW+wyotVwG4v8XPaSBT2aiKuFcD5gMY3clbeTv7tIwuH1K27R0cSiJZKAznMCuB2MhMi+CWRlvCYfS8nyqwziOnYRG3SZa7MLg== > scep_tx=23408524965258346450630507198266950287255212778687783181270846979351580813985 > minicert=MIIDDjCCAfagAwIBAAIgM8DBb8vrkCLtVakYwBoCDvE3QB7kwQiBV5zAfRCoqqEwDQYJKoZIhvcNAQELBQAwOTE3MDUGA1UEAxMuZnMtaGlpZG8taXBhLWNhLTY0LTI1Mi5oaWlkby5ob3N0Lnl5ZGV2b3BzLmNvbTAiGA8yMDIyMDYwNzAwMDAwMFoYDzIxMjIwNjA3MDAwMDAwWjA5MTcwNQYDVQQDEy5mcy1oaWlkby1pcGEtY2EtNjQtMjUyLmhpaWRvLmhvc3QueXlkZXZvcHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq65hMs4nUJiuc4Mw9FCG9x9yW4DEMDTtuozz2aXRdRX0sHskCcDUW3SIWHDOSL0WnV7h0GJiyFKR1pJQW9eJX9CXVPXRht0FCdz2IGSYQvN6/9Rf0SSuQJiFV0MMI3xZj0nLhFYw3wwc4SvrTnTKUng5hzAJTnhoeUt19vVy8gXQVn7FCeNe23yyaq+MRxPIKOuB7jmhP3VoAJWFw8Hro1gzx/MGkVgKvA2FgRCX50/NUCunNwmzUKdMjL7WRq0BpA5Nca/n+70RuWvQoZdeJnxUqhp8KcXvIONJ4gDPzFi9dISX3/KeyHtKOaEhtseVc6DFmUPxx5gWkc0BxEtnXQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCcQSS8v0lkknnYfvPhfBZjyzb9RiszlRVxIj1aZQxum2O3EXI49yhBytL5cz39NjdDMmcn0DS1OlU+y4270Wfb3KiNDvuDfoY7hvahOLQNU+hKAVx13PU7uGQU+3SjOR+FtR2e9gX7QQ3aRjoH+dmm3ys4sS9CN7gnnzw9uVC59+g0snz9iFMV+gFVl/16PSX4F+zJqxna84RIIbBTqfQ00pkB230LmbWKuLxh8CCJHWi9x61a4ZWU25hHMZgP6YoWv3rrrzdZvDscb9Qffp7QPV+II > tzeyGhVKRwZ1tlwMyzrTHAMYixDNS5Ejhr5P/NjSnpDAul/Kw01NKoIe4OI > state=CA_UNREACHABLE > autorenew=1 > monitor=1 > ca_name=IPA > submitted=20220607091038 > ca_error=Server at > https://fs-hiido-kerberos-21-117-149.hiido.host.yydevops.com/ipa/xml failed > request, will retry: 907 (RPC failed at server. cannot connect to > 'https://fs-hiido-kerberos-21-117-149.hiido.host.yydevops.com:443/ca/eeca/ca/profileSubmitSSLClient': > (SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your certificate as > expired.). > root@fs-hiido-ipa-ca-64-252:/var/lib/certmonger/requests# ^C > root@fs-hiido-ipa-ca-64-252:/var/lib/certmonger/requests# > root@fs-hiido-ipa-ca-64-252:/var/lib/certmonger/requests# > root@fs-hiido-ipa-ca-64-252:/var/lib/certmonger/requests# less 20220607091036 > > id=20220607091036 > key_type=RSA > key_gen_type=RSA > key_size=2048 > key_gen_size=2048 > key_next_type=UNSPECIFIED > key_next_gen_type=RSA > key_next_size=0 > key_next_gen_size=2048 > key_preserve=0 > key_storage_type=NSSDB > key_storage_location=/etc/dirsrv/slapd-YYDEVOPS-COM > key_token=NSS Certificate DB > key_nickname=Server-Cert > key_pin_file=/etc/dirsrv/slapd-YYDEVOPS-COM//pwdfile.txt > key_perms=0 > key_pubkey=3082010A0282010100ABAE6132CE275098AE738330F45086F71F725B80C43034EDBA8CF3D9A5D17515F4B07B2409C0D45B74885870CE48BD169D5EE1D06262C85291D692505BD7895FD09754F5D186DD0509DCF620649842F37AFFD45FD124AE40988557430C237C598F49CB845630DF0C1CE12BEB4E74CA5278398730094E7868794B75F6F572F205D0567EC509E35EDB7CB26AAF8C4713C828EB81EE39A13F7568009585C3C1EBA35833C7F30691580ABC0D85811097E74FCD502BA73709B350A74C8CBED646AD01A40E4D71AFE7FBBD11B96BD0A1975E267C54AA1A7C29C5EF20E349E200CFCC58BD748497DFF29EC87B4A39A121B6C79573A0C59943F1C7981691CD01C44B675D0203010001 > key_pubkey_info=30820122300D06092A864886F70D01010105000382010F003082010A0282010100ABAE6132CE275098AE738330F45086F71F725B80C43034EDBA8CF3D9A5D17515F4B07B2409C0D45B74885870CE48BD169D5EE1D06262C85291D692505BD7895FD09754F5D186DD0509DCF620649842F37AFFD45FD124AE40988557430C237C598F49CB845630DF0C1CE12BEB4E74CA5278398730094E7868794B75F6F572F205D0567EC509E35EDB7CB26AAF8C4713C828EB81EE39A13F7568009585C3C1EBA35833C7F30691580ABC0D85811097E74FCD502BA73709B350A74C8CBED646AD01A40E4D71AFE7FBBD11B96BD0A1975E267C54AA1A7C29C5EF20E349E200CFCC58BD748497DFF29EC87B4A39A121B6C79573A0C59943F1C7981691CD01C44B675D0203010001 > key_generated_date=20220607091036 > key_requested_count=1 > key_issued_count=0 > cert_storage_type=NSSDB > cert_storage_location=/etc/dirsrv/slapd-YYDEVOPS-COM > cert_nickname=Server-Cert > cert_perms=0 > cert_is_ca=0 > cert_ca_path_length=0 > cert_no_ocsp_check=0 > last_need_notify_check=19700101000000 > last_need_enroll_check=19700101000000 > template_subject=fs-hiido-ipa-ca-64-252.hiido.host.yydevops.com > template_principal=ldap/[email protected] > template_is_ca=0 > template_ca_path_length=0 > template_no_ocsp_check=0 > csr=-----BEGIN NEW CERTIFICATE REQUEST----- > MIIDsDCCApgCAQAwOTE3MDUGA1UEAxMuZnMtaGlpZG8taXBhLWNhLTY0LTI1Mi5o > aWlkby5ob3N0Lnl5ZGV2b3BzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC > AQoCggEBAKuuYTLOJ1CYrnODMPRQhvcfcluAxDA07bqM89ml0XUV9LB7JAnA1Ft0 > iFhwzki9Fp1e4dBiYshSkdaSUFvXiV/Ql1T10YbdBQnc9iBkmELzev/UX9EkrkCY > hVdDDCN8WY9Jy4RWMN8MHOEr6050ylJ4OYcwCU54aHlLdfb1cvIF0FZ+xQnjXtt8 > smqvjEcTyCjrge45oT91aACVhcPB66NYM8fzBpFYCrwNhYEQl+dPzVArpzcJs1Cn > TIy+1katAaQOTXGv5/u9Eblr0KGXXiZ8VKoafCnF7yDjSeIAz8xYvXSEl9/ynsh7 > SjmhIbbHlXOgxZlD8ceYFpHNAcRLZ10CAwEAAaCCATAwJQYJKoZIhvcNAQkUMRge > FgBTAGUAcgB2AGUAcgAtAEMAZQByAHQwggEFBgkqhkiG9w0BCQ4xgfcwgfQwgcEG > A1UdEQEBAASBtjCBs6BQBgorBgEEAYI3FAIDoEIMQGxkYXAvZnMtaGlpZG8taXBh > LWNhLTY0LTI1Mi5oaWlkby5ob3N0Lnl5ZGV2b3BzLmNvbUBZWURFVk9QUy5DT02g > XwYGKwYBBQICoFUwU6AOGwxZWURFVk9QUy5DT02hQTA/oAMCAQGhODA2GwRsZGFw > Gy5mcy1oaWlkby1pcGEtY2EtNjQtMjUyLmhpaWRvLmhvc3QueXlkZXZvcHMuY29t > MAwGA1UdEwEB/wQCMAAwIAYDVR0OAQEABBYEFFmNcihY2hfR8EtJHZbaKlJPQAvN > MA0GCSqGSIb3DQEBCwUAA4IBAQBkxhUjn13xm66r2vBWLjUu74PeuhTvmChkLxQN > 0XWrf8OJ6rl6Lcf4RQYQe6E4xJ6yyVGdM8kPaFQ7W7SYli95r5tVn4LpENYCTewb > q/tqWWLjcgRdk/hBrSknyCBEY1Idf0krbIEJK2vGqbi5ajFZhjlTQ2uiec0k7Wls > EpVFcGkFpgsFBuKKeO3H+Xj+2+w29jnkwXrmu6N4FKh+ikFDQBzy2pO6u/+pIvqq > 9QTpx517GWuLwze4vcIa6xtBAuiq40+A00tWi5exmYCNi7rxpvI56zAvtvN9vMbP > gqfDTBOhPx/4f3WFqAmfWZcGWSmw+xOQzhqPhMxj5Q5cWDsS > -----END NEW CERTIFICATE REQUEST----- > spkac=MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrmEyzidQmK5zgzD0UIb3H3JbgMQwNO26jPPZpdF1FfSweyQJwNRbdIhYcM5IvRadXuHQYmLIUpHWklBb14lf0JdU9dGG3QUJ3PYgZJhC83r/1F/RJK5AmIVXQwwjfFmPScuEVjDfDBzhK+tOdMpSeDmHMAlOeGh5S3X29XLyBdBWfsUJ417bfLJqr4xHE8go64HuOaE/dWgAlYXDweujWDPH8waRWAq8DYWBEJfnT81QK6c3CbNQp0yMvtZGrQGkDk1xr+f7vRG5a9Chl14mfFSqGnwpxe8g40niAM/MWL10hJff8p7Ie0o5oSG2x5VzoMWZQ/HHmBaRzQHES2ddAgMBAAEWADANBgkqhkiG9w0BAQsFAAOCAQEAOegGLgw81dvQa4LfvEybdeiTwKke9SnXfalpsWoGOsFx8arsLvhihDL0Ai3ZKeVjJTNlq9+1klq2AfAC7s9xC5oIK3YyFVvzSIAhwxiBvAtBe8KwwVfZnNB0HKroXIkn0JrGlyb1fheePSKIZCs1THwFigYSp3MTo0j3wNSFKgusJ+7RH0sLYO/5AwJ4JrqO4xPLz7rSfDbMgep7Qg+Ylv2YIXGecH2Hft/0LLchxbbCJd2OnKNvEW+wyotVwG4v8XPaSBT2aiKuFc...skipping... > key_pin_file=/etc/dirsrv/slapd-YYDEVOPS-COM//pwdfile.txt > key_perms=0 > key_pubkey=3082010A0282010100ABAE6132CE275098AE738330F45086F71F725B80C43034EDBA8CF3D9A5D17515F4B07B2409C0D45B74885870CE48BD169D5EE1D06262C85291D692505BD7895FD09754F5D186DD0509DCF620649842F37AFFD45FD124AE40988557430C237C598F49CB845630DF0C1CE12BEB4E74CA5278398730094E7868794B75F6F572F205D0567EC509E35EDB7CB26AAF8C4713C828EB81EE39A13F7568009585C3C1EBA35833C7F30691580ABC0D85811097E74FCD502BA73709B350A74C8CBED646AD01A40E4D71AFE7FBBD11B96BD0A1975E267C54AA1A7C29C5EF20E349E200CFCC58BD748497DFF29EC87B4A39A121B6C79573A0C59943F1C7981691CD01C44B675D0203010001 > key_pubkey_info=30820122300D06092A864886F70D01010105000382010F003082010A0282010100ABAE6132CE275098AE738330F45086F71F725B80C43034EDBA8CF3D9A5D17515F4B07B2409C0D45B74885870CE48BD169D5EE1D06262C85291D692505BD7895FD09754F5D186DD0509DCF620649842F37AFFD45FD124AE40988557430C237C598F49CB845630DF0C1CE12BEB4E74CA5278398730094E7868794B75F6F572F205D0567EC509E35EDB7CB26AAF8C4713C828EB81EE39A13F7568009585C3C1EBA35833C7F30691580ABC0D85811097E74FCD502BA73709B350A74C8CBED646AD01A40E4D71AFE7FBBD11B96BD0A1975E267C54AA1A7C29C5EF20E349E200CFCC58BD748497DFF29EC87B4A39A121B6C79573A0C59943F1C7981691CD01C44B675D0203010001 > key_generated_date=20220607091036 > key_requested_count=1 > key_issued_count=0 > cert_storage_type=NSSDB > cert_storage_location=/etc/dirsrv/slapd-YYDEVOPS-COM > cert_nickname=Server-Cert > cert_perms=0 > cert_is_ca=0 > cert_ca_path_length=0 > cert_no_ocsp_check=0 > last_need_notify_check=19700101000000 > last_need_enroll_check=19700101000000 > template_subject=fs-hiido-ipa-ca-64-252.hiido.host.yydevops.com > template_principal=ldap/[email protected] > template_is_ca=0 > template_ca_path_length=0 > template_no_ocsp_check=0 > csr=-----BEGIN NEW CERTIFICATE REQUEST----- > MIIDsDCCApgCAQAwOTE3MDUGA1UEAxMuZnMtaGlpZG8taXBhLWNhLTY0LTI1Mi5o > aWlkby5ob3N0Lnl5ZGV2b3BzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC > AQoCggEBAKuuYTLOJ1CYrnODMPRQhvcfcluAxDA07bqM89ml0XUV9LB7JAnA1Ft0 > iFhwzki9Fp1e4dBiYshSkdaSUFvXiV/Ql1T10YbdBQnc9iBkmELzev/UX9EkrkCY > hVdDDCN8WY9Jy4RWMN8MHOEr6050ylJ4OYcwCU54aHlLdfb1cvIF0FZ+xQnjXtt8 > smqvjEcTyCjrge45oT91aACVhcPB66NYM8fzBpFYCrwNhYEQl+dPzVArpzcJs1Cn > TIy+1katAaQOTXGv5/u9Eblr0KGXXiZ8VKoafCnF7yDjSeIAz8xYvXSEl9/ynsh7 > SjmhIbbHlXOgxZlD8ceYFpHNAcRLZ10CAwEAAaCCATAwJQYJKoZIhvcNAQkUMRge > FgBTAGUAcgB2AGUAcgAtAEMAZQByAHQwggEFBgkqhkiG9w0BCQ4xgfcwgfQwgcEG > A1UdEQEBAASBtjCBs6BQBgorBgEEAYI3FAIDoEIMQGxkYXAvZnMtaGlpZG8taXBh > LWNhLTY0LTI1Mi5oaWlkby5ob3N0Lnl5ZGV2b3BzLmNvbUBZWURFVk9QUy5DT02g > XwYGKwYBBQICoFUwU6AOGwxZWURFVk9QUy5DT02hQTA/oAMCAQGhODA2GwRsZGFw > Gy5mcy1oaWlkby1pcGEtY2EtNjQtMjUyLmhpaWRvLmhvc3QueXlkZXZvcHMuY29t > MAwGA1UdEwEB/wQCMAAwIAYDVR0OAQEABBYEFFmNcihY2hfR8EtJHZbaKlJPQAvN > MA0GCSqGSIb3DQEBCwUAA4IBAQBkxhUjn13xm66r2vBWLjUu74PeuhTvmChkLxQN > 0XWrf8OJ6rl6Lcf4RQYQe6E4xJ6yyVGdM8kPaFQ7W7SYli95r5tVn4LpENYCTewb > q/tqWWLjcgRdk/hBrSknyCBEY1Idf0krbIEJK2vGqbi5ajFZhjlTQ2uiec0k7Wls > EpVFcGkFpgsFBuKKeO3H+Xj+2+w29jnkwXrmu6N4FKh+ikFDQBzy2pO6u/+pIvqq > 9QTpx517GWuLwze4vcIa6xtBAuiq40+A00tWi5exmYCNi7rxpvI56zAvtvN9vMbP > gqfDTBOhPx/4f3WFqAmfWZcGWSmw+xOQzhqPhMxj5Q5cWDsS > -----END NEW CERTIFICATE REQUEST----- > spkac=MIICQDCCASgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrrmEyzidQmK5zgzD0UIb3H3JbgMQwNO26jPPZpdF1FfSweyQJwNRbdIhYcM5IvRadXuHQYmLIUpHWklBb14lf0JdU9dGG3QUJ3PYgZJhC83r/1F/RJK5AmIVXQwwjfFmPScuEVjDfDBzhK+tOdMpSeDmHMAlOeGh5S3X29XLyBdBWfsUJ417bfLJqr4xHE8go64HuOaE/dWgAlYXDweujWDPH8waRWAq8DYWBEJfnT81QK6c3CbNQp0yMvtZGrQGkDk1xr+f7vRG5a9Chl14mfFSqGnwpxe8g40niAM/MWL10hJff8p7Ie0o5oSG2x5VzoMWZQ/HHmBaRzQHES2ddAgMBAAEWADANBgkqhkiG9w0BAQsFAAOCAQEAOegGLgw81dvQa4LfvEybdeiTwKke9SnXfalpsWoGOsFx8arsLvhihDL0Ai3ZKeVjJTNlq9+1klq2AfAC7s9xC5oIK3YyFVvzSIAhwxiBvAtBe8KwwVfZnNB0HKroXIkn0JrGlyb1fheePSKIZCs1THwFigYSp3MTo0j3wNSFKgusJ+7RH0sLYO/5AwJ4JrqO4xPLz7rSfDbMgep7Qg+Ylv2YIXGecH2Hft/0LLchxbbCJd2OnKNvEW+wyotVwG4v8XPaSBT2aiKuFcD5gMY3clbeTv7tIwuH1K27R0cSiJZKAznMCuB2MhMi+CWRlvCYfS8nyqwziOnYRG3SZa7MLg== > scep_tx=23408524965258346450630507198266950287255212778687783181270846979351580813985 > minicert=MIIDDjCCAfagAwIBAAIgM8DBb8vrkCLtVakYwBoCDvE3QB7kwQiBV5zAfRCoqqEwDQYJKoZIhvcNAQELBQAwOTE3MDUGA1UEAxMuZnMtaGlpZG8taXBhLWNhLTY0LTI1Mi5oaWlkby5ob3N0Lnl5ZGV2b3BzLmNvbTAiGA8yMDIyMDYwNzAwMDAwMFoYDzIxMjIwNjA3MDAwMDAwWjA5MTcwNQYDVQQDEy5mcy1oaWlkby1pcGEtY2EtNjQtMjUyLmhpaWRvLmhvc3QueXlkZXZvcHMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq65hMs4nUJiuc4Mw9FCG9x9yW4DEMDTtuozz2aXRdRX0sHskCcDUW3SIWHDOSL0WnV7h0GJiyFKR1pJQW9eJX9CXVPXRht0FCdz2IGSYQvN6/9Rf0SSuQJiFV0MMI3xZj0nLhFYw3wwc4SvrTnTKUng5hzAJTnhoeUt19vVy8gXQVn7FCeNe23yyaq+MRxPIKOuB7jmhP3VoAJWFw8Hro1gzx/MGkVgKvA2FgRCX50/NUCunNwmzUKdMjL7WRq0BpA5Nca/n+70RuWvQoZdeJnxUqhp8KcXvIONJ4gDPzFi9dISX3/KeyHtKOaEhtseVc6DFmUPxx5gWkc0BxEtnXQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCcQSS8v0lkknnYfvPhfBZjyzb9RiszlRVxIj1aZQxum2O3EXI49yhBytL5cz39NjdDMmcn0DS1OlU+y4270Wfb3KiNDvuDfoY7hvahOLQNU+hKAVx13PU7uGQU+3SjOR+FtR2e9gX7QQ3aRjoH+dmm3ys4sS9CN7gnnzw9uVC59+g0snz9iFMV+gFVl/16PSX4F+zJqxna84RIIbBTqfQ00pkB230LmbWKuLxh8CCJHWi9x61a4ZWU25hHMZgP6YoWv3rrrzdZvDscb9Qffp7QPV+II > tzeyGhVKRwZ1tlwMyzrTHAMYixDNS5Ejhr5P/NjSnpDAul/Kw01NKoIe4OI > state=CA_UNREACHABLE > autorenew=1 > monitor=1 > ca_name=IPA > submitted=20220607091038 > ca_error=Server at > https://fs-hiido-kerberos-21-117-149.hiido.host.yydevops.com/ipa/xml failed > request, will retry: 907 (RPC failed at server. cannot connect to > 'https://fs-hiido-kerberos-21-117-149.hiido.host.yydevops.com:443/ca/eeca/ca/profileSubmitSSLClient': > (SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your certificate as > expired.). > > Tested several servers are the same, should be ca expired problem > What do I need to do to replicate this situation?
You need to get your CA working again. Standing up a replica requires certificates and if your CA isn't up there is nothing to issue them. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
