Roberto Cornacchia via FreeIPA-users wrote: > > I'm not sure why it was not renewed, but now that it is in this > state, what would be the correct procedure to renew it? > > > The other IPA server is the CA renewal master and it does have a valid > certificate.
The CA subsystem certificates are renewed on the renewal master server and put into LDAP. The CA clones will pick up the certificates from there. You can force it to try to fetch it with: # getcert resubmit -d /etc/pki/pki-tomcat/alias -n 'subsystemCert cert-pki-ca' -v -w With -v and -w you'll be able to follow along with the progress. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
