1ipa-cert-fix(1) IPA Manual Pages ipa-cert-fix(1)
2
3
4
6 ipa-cert-fix - Renew expired certificates
7
9 ipa-cert-fix [options]
10
12 ipa-cert-fix is a tool for recovery when expired certificates prevent
13 the normal operation of IPA. It should ONLY be used in such scenarios,
14 and backup of the system, especially certificates and keys, is STRONGLY
15 RECOMMENDED.
16
17 Do not use this program unless expired certificates are inhibiting nor‐
18 mal operation and renewal procedures.
19
20 To renew the IPA CA certificate, use ipa-cacert-manage(1).
21
22 This tool cannot renew certificates signed by external CAs. To install
23 new, externally-signed HTTP, LDAP or KDC certificates, use ipa-server-
24 certinstall(1).
25
26 ipa-cert-fix will examine IPA and Certificate System certificates and
27 renew certificates that are expired, or close to expiry (less than two
28 weeks). If any "shared" certificates are renewed, ipa-cert-fix will
29 set the current server to be the CA renewal master, and add the new
30 shared certificate(s) to LDAP for replication to other CA servers.
31 Shared certificates include all Dogtag system certificates except the
32 HTTPS certificate, and the IPA RA certificate.
33
34 To repair certificates across multiple CA servers, first ensure that
35 LDAP replication is working across the topology. Then run ipa-cert-fix
36 on one CA server. Before running ipa-cert-fix on another CA server,
37 trigger Certmonger renewals for shared certificates via getcert-resub‐
38 mit(1) (on the other CA server). This is to avoid unnecessary renewal
39 of shared certificates.
40
41
43 --version
44 Show the program's version and exit.
45
46 -h, --help
47 Show the help for this program.
48
49 -v, --verbose
50 Print debugging information.
51
52 -q, --quiet
53 Output only errors (output from child processes may still be
54 shown).
55
56 --log-file=FILE
57 Log to the given file.
58
60 0 if the command was successful
61
62 1 if an error occurred
63
64
66 ipa-cacert-manage(1) ipa-server-certinstall(1) getcert-resubmit(1)
67
68
69
70IPA Mar 25 2019 ipa-cert-fix(1)