Hi, on the ipa.dom.loc server, the following certs are expired:
- auditSigningCert cert-pki-ca (2024-12-01) - ocspSigningCert cert-pki-ca (2024-12-01) - subsystemCert cert-pki-ca (2024-12-01) - ipaCert (2024-12-01) - Server-Cert cert-pki-ca (2024-12-01) on the ipa2.dom.loc server, the following certs are expired: - auditSigningCert cert-pki-ca (2024-11-19) - ocspSigningCert cert-pki-ca (2024-11-19) - subsystemCert cert-pki-ca (2024-11-19) - ipaCert (2024-11-19) If both masters are part of the same topology, there clearly is an issue as the certs (except Server-Cert cert-pki-ca) should be identical on both machines. Are they replicating to each other? You need to find the CA renewal master: # kinit admin # ipa config-show Then start by repairing this server. You can follow https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/9/html-single/managing_certificates_in_idm/index#renewing-expired-system-certificates-on-a-ca_renewing-expired-system-certificates-when-idm-is-offline HTH, flo On Mon, Dec 9, 2024 at 6:25 AM Dmitry Krasov via FreeIPA-users < [email protected]> wrote: > Hello Rob. > is there enough information? > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
