No all the certificates of RA are not expired.
In the case of OCSP, once the CA system certificates are renewed, CA
subSystemCert should be replaced in the OCSP via the pkiconsole.
How can we do that in the RA?
On Tue, Nov 18, 2014 at 8:57 PM, Ade Lee <alee(a)redhat.com> wrote:
The RA communicates with the CA using its subsystem cert.
Is that cert expired too?
You should look at the logs on the RA and the CA to try to see why the
requests are not being processed correctly.
Ade
On Sat, 2014-11-15 at 19:12 +0530, Kamal Perera wrote:
> Dear John (remembering the movie dear John :))
>
>
> Thank you for replying.
>
>
> all the four certificates (casubsystemCert, auditSigningCert,
> ocspSigningCert and serverCert) were expired, however after several
> tries, i was able to renew them by changing the system date back to a
> valid time and renew them via the pkiconsole.
>
>
> Although it was successful, now RA and OCSP are not communicating with
> the CA. Which means, OCSP updates are not being published, and RA
> requests are not being signed (getting the CA:invalid request error).
>
>
> Any suggestion?
>
>
> On Fri, Nov 14, 2014 at 11:41 PM, John Magne <jmagne(a)redhat.com>
> wrote:
> Hi:
>
> If you could, could you tell us exactly which certs are
> expired?
>
> Also, related how much functionality does your CA have? Does
> it
> even start and field requests?
>
> thanks,
> jack
>
>
>
> ----- Original Message -----
> > From: "pki tech" <techpkiuser(a)gmail.com>
> > To: pki-users(a)redhat.com
> > Sent: Thursday, November 13, 2014 10:31:18 PM
> > Subject: [Pki-users] Urgent Help Needed - CA subsystem
> certificate renewal
> >
> > Dear All,
> >
> > In our Issuing CA, all the subsystem certificates are
> expired except the
> > caSigningCert.
> >
> > I can generate the new certificate requests via certutil,
> but how can i get
> > them signed?
> >
> > your swift response is appreciated.
> >
> > Regards,
> > Kamal
> >
>
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users(a)redhat.com
> >
https://www.redhat.com/mailman/listinfo/pki-users
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/pki-users