Dear John (remembering the movie dear John :))

Thank you for replying.

all the four certificates (casubsystemCert, auditSigningCert, ocspSigningCert and serverCert) were expired, however after several tries, i was able to renew them by changing the system date back to a valid time and renew them via the pkiconsole.

Although it was successful, now RA and OCSP are not communicating with the CA. Which means, OCSP updates are not being published, and RA requests are not being signed (getting the CA:invalid request error).

Any suggestion?

On Fri, Nov 14, 2014 at 11:41 PM, John Magne <jmagne@redhat.com> wrote:

Hi:

If you could, could you tell us exactly which certs are expired?

Also, related how much functionality does your CA have? Does it
even start and field requests?

thanks,
jack

----- Original Message -----
> From: "pki tech" <techpkiuser@gmail.com>
> To: pki-users@redhat.com
> Sent: Thursday, November 13, 2014 10:31:18 PM
> Subject: [Pki-users] Urgent Help Needed - CA subsystem certificate renewal
>
> Dear All,
>
> In our Issuing CA, all the subsystem certificates are expired except the
> caSigningCert.
>
> I can generate the new certificate requests via certutil, but how can i get
> them signed?
>
> your swift response is appreciated.
>
> Regards,
> Kamal
>

> _______________________________________________
> Pki-users mailing list
> Pki-users@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users