#2631 Document how to start services with expired certificates
Closed: Fixed None Opened 9 years ago by rcritten.

We should document how to start the basic IPA services when the SSL certificates have expired so one can run in a degraded mode while the underlying problems are resolved.

In mod_nss set EnforceValidCerts to no and restart httpd

In 389-ds set nsslapd-validate-cert to warn in dse.ldif

Doing these should allow all Apache, Kerberos, named and 389-ds-base to come up so at least users can log in. Client services (e.g. sudo) that require SSL will still fail due to the expired server certificates.

Metadata Update from @rcritten:
- Issue assigned to elladeon
- Issue set to the milestone: FreeIPA 2.2.0 Documentation

4 years ago

Login to comment on this ticket.