IPA CA expired

Post by goorooj » 2021/03/18 13:42:28

I had another thread, but to clean up a bit I think this is a new issue:

My IPA server CA ran out. It's IPA 2.9 on CentOS 6 and the CA root cert was set to 8 years validity...

So I tried to set the date to before that, sync the hardware clock and make a server replication with
ipa-replica-prepare
but it did not work, it still said that the certificate expired... Now I am completely at a dead end.

I planned on leaving the date 3 months back, set up a new CentOS with same back data, set up new IPA and install the replica, and let the mechanism that renews the CA in the new IPA versions (because I am not the only one with this problem and in the new versions they set cert validity to 20 years) do its magic.

How can I save this?

I have about 50 users and roughly 80 servers and workstations on the 2 IPA servers, and I am really not prepared to set up everything from scratch again.

I found howtos that renew the certificates, but they all expire on the CA expiration, of course, and I cannot think how to renew the CA itself without damaging everything.
