Red Hat Bugzilla – Bug 868009
CA did not properly regenerate certs
Last modified: 2012-10-19 12:55:59 EDT
Description of problem:
Following the steps at:
resulted in broken certs
Version-Release number of selected component (if applicable):
Steps to Reproduce:
2. getcert list | grep expires
3. date MMDDhhmmCCYY to 6 days before certs expire
Certs regenerate properly
Certs were briefly in the state SUBMITTED but quickly turned to the above.
During renewal there should have been a lot of syslog activity. Can you attach /var/log/messages?
Can you also include the output of date and getcert list?
Rob, looking back at the logs to make sure that I had what you needed, I realized I made a critical error in the steps above. I set the date AFTER the certs expired (I had meant to set the time to ~10am 2014-10-02, and instead set it to ~10am 2024-10-08, which was post expiration)
If you still want /var/log/messages from the run I can provide it, but I suspect doing what I did does some very bad things that would not occur in normal operation. This can probably be closed - I will try it again and do it right this time - if I still encounter errors I will open a new ticket.
Confirmed - works properly, when you follow the steps properly.