On 6/5/20 7:50 PM, John Burns via FreeIPA-users wrote:
I have this exact same error on ipa-certupdate, after deleting certs that expired on May 30. Were you able to find any leads in the time since this post?
ipa-certupdate is needed after "ipa-cacert-manage install" commands, prior to ipa-server-certinstall.
Hi,
I believe this question was already answered in the thread: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
If you forgot to run ipa-certupdate on a node, you need to add the new CA to /etc/ipa/ca.crt and /etc/ipa/nssdb. After that, ipa-certupdate should work.
HTH, flo