IPA CA expired
Posted: 2021/03/18 13:42:28
I had another thread, but to clean up a bit i think this is a new issue:
My IPA server CA ran out. it´s IPA 2.9 on centos6 and CA root cert was set to 8 years validity...
so i tried to set date to before that, sync hardwareclock and make a server replication with
ipa-replica-prepare
but it did not work, it still said that the certificate expired... now i am completely on a dead end.
I planned on leaving the date 3 months back, set up a new centos with same back data, set up new ipa and install the replica, and let the mechanism that renews the CA in the new IPA versions ( because i am not the only one with this problem and in the new versions they set cert validity to 20 years ) do its magic.
How can i save this?
i have about 50 Users and roughly 80 Servers and Workstations on the 2 IPA servers, and i am really not prepared to set up everything from scratch again.
I found howtos that renew the certificates, but they all expire on the ca expiration, of course, and i cannot think how to renew the ca itself without damaging everything.
My IPA server CA ran out. it´s IPA 2.9 on centos6 and CA root cert was set to 8 years validity...
so i tried to set date to before that, sync hardwareclock and make a server replication with
ipa-replica-prepare
but it did not work, it still said that the certificate expired... now i am completely on a dead end.
I planned on leaving the date 3 months back, set up a new centos with same back data, set up new ipa and install the replica, and let the mechanism that renews the CA in the new IPA versions ( because i am not the only one with this problem and in the new versions they set cert validity to 20 years ) do its magic.
How can i save this?
i have about 50 Users and roughly 80 Servers and Workstations on the 2 IPA servers, and i am really not prepared to set up everything from scratch again.
I found howtos that renew the certificates, but they all expire on the ca expiration, of course, and i cannot think how to renew the ca itself without damaging everything.