Hello,
i upgrade my centos 7.5 ipaserver to an new version and runned into a few
problems.
It seems like 'subsystemCert cert-pki-ca' is expired nearly a month ago
(jul 22) and i am not sure how to renew it.
When i run the ipa-server-upgrade manual, i run into a error with the ca
certificates and in the log i found that line:
Internal Database Error encountered: Could not connect to LDAP server host
ipababy.int.asta-frankfurt.de port 636 Error netscape.ldap.LDAPException:
Unable to create socket: org.mozilla.jss.ssl.SSLSocketException:
org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8181)
Peer's Certificate has expired. (-1)
When i run ipactl start, tomcatd and httpd wont start.
I allready tried to turn back time, but i dont know how to manual start
pki-tomcatd or any other way to renew the certificates.
Or do i look in the wrong diection the whole time?
Thank u all for ur help