Unable to renew Directory Server and Apache SSL server certificates

Comments

The Directory Server and Apache SSL server certificates on our IPA master (RHEL 6.5/IPA version 3.0.0) server did not renew automatically and are now expired. I have followed the steps in How do I manually renew Identity Management (IPA) certificates after they have expired? (Master IPA Server) but these three certificates will not renew.

The error shown by getcert list for the certificates after running ipa-getcert resubmit -i [Request ID] is

Certificate operation cannot be completed: Failure decoding Certificate Signing Request: (SSL_ERROR_NO_CERTIFICATE) Unable to find the certificate or key necessary for authentication.).

Before resubmission, when the services have been restarted the error is more likely to be

(SEC_ERROR_BUSY) NSS could not shutdown. Objects are still in use.

Any help would be appreciated.

Started 2017-11-27T21:29:15+00:00 by

John Frommeyer

Community Member 35 points

Select Your Language

Unable to renew Directory Server and Apache SSL server certificates

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links