Red Hat Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

  • Comments
    • Tags

    Unable to renew Directory Server and Apache SSL server certificates

    Posted on

    The Directory Server and Apache SSL server certificates on our IPA master (RHEL 6.5/IPA version 3.0.0) server did not renew automatically and are now expired. I have followed the steps in How do I manually renew Identity Management (IPA) certificates after they have expired? (Master IPA Server) but these three certificates will not renew.

    The error shown by 

    getcert list
    for the certificates after running 
    ipa-getcert resubmit -i [Request ID]
    is

    Certificate operation cannot be completed: Failure decoding Certificate Signing Request: (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication.).

    Before resubmission, when the services have been restarted the error is more likely to be

    (SEC_ERROR_BUSY) NSS could not shutdown. Objects are still in use.

    Any help would be appreciated.

    by

    points

    Responses

    Red Hat LinkedIn YouTube Facebook X, formerly Twitter

    Quick Links

    Help

    Site Info

    Related Sites

    © 2026 Red Hat