> ^ This one (caSigningCert cert-pki-ca) is IPA CA and expires 2022-11-11 but > it definitely looks wrong, unless IPA was installed with custom (and > puzzlin) options: subject CN=localhost. > > How was IPA installed? The default settings would install a self-signed CA > with subject CN=Certificate Authority,O=IPA.TEST for instance. > What is the content of /etc/ipa/ca.crt? You should see the original IPA CA > in this file.
Yeah, I just used 'ipa-server-install' and as much default as possible. Definitely wasn't trying anything fancy. I do still have the original install log (and my entire command history) if there's something worth looking for in there. /etc/ipa/ca.crt is just "-----BEGIN CERTIFICATE-----[text]-----END CERTIFICATE-----"; should there be something more informative in there? Any thoughts on what I can try to renew these? As an aside: Honestly, I would love nothing more than to get IPA off of this damn server and onto one that is actually supported and can, you know, but updated. :[ My impression is that the only way I can do that though is through replicating it to another instance and promoting the new one/retiring the old one... but like I said, I have tried many times to add another and have been unsuccessful. Is there a way to restore the data from a backup into a new install? PS. Thank you for replying; I appreciate the help. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
