Bug 2062856

Summary: ldap, httpd and kdc certs failing to renew post year 2038
Product: Red Hat Enterprise Linux 9 Reporter: Mohammad Rizwan <myusuf>
Component: ipaAssignee: Florence Blanc-Renaud <frenaud>
Status: NEW --- QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: ftrivino, jrische, pasik, rcritten, tscherf
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2027125    

Description Mohammad Rizwan 2022-03-10 17:20:42 UTC 
Description of problem:
ca-cert-renewal test is failing to renew the httpd,kdc,certs with rhel-9.0 image from idm-ci. Where as when used rhel-9.0-nightly image, httpd cert is failing.

Version-Release number of selected component (if applicable):
ipa-server-4.9.8-6.el9.x86_64
ipa-server-dns-4.9.8-6.el9.noarch

sssd-ipa-2.6.2-2.el9.x86_64
sssd-client-2.6.2-2.el9.x86_64

httpd-2.4.51-5.el9.x86_64
krb5-server-1.19.1-13.el9.x86_64
krb5-pkinit-1.19.1-13.el9.x86_64

389-ds-base-2.0.14-1.el9.x86_64
pki-base-11.0.3-1.el9.noarch
pki-server-11.0.3-1.el9.noarch

How reproducible:
always

Steps to Reproduce:
1. run https://ci-jenkins-csb-idmops.apps.ocp-c1.prod.psi.redhat.com/job/ipa-RHEL9.0/job/Nightly/job/tier-3-RHEL9.0-Nightly-pytest-ca-cert-renewal/

Actual results:
httpd, kdc, ldap cert is failing to renew and status is showing as CA_UNREACHABLE with rhel-9.0 idm-ci image (failing for year 2039)

httpd cert is failing to renew and status CA_UNREACHABLE with idm-ci rhel-9.0 nightly image. (failing for year 2030)

Expected results:
certs renew successfully 

Additional info: