Umarzuki Mochlis wrote:
> 2018-02-13 22:59 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>:
>> Umarzuki Mochlis via FreeIPA-users wrote:
>>> it stuck with "status: SUBMITTING" when I issue command "ipa-getcert
>>> list" after I resubmit cert renew "get-cert resubmit -i ID"
>>
>> Which request is stuck? Can you provide the output of ipa-getcert list
>> -i ID?
>>
>> rob
> 
> these request still 'submitting' since service started. I resubmit
> them one or two years ago.

The certs are certainly very expired at this point. Do these exist in
reality anymore?

# certutil -L -d /etc/dirsrv/slapd-DOMAIN-COM
# certutil -L -d /etc/httpd/alias
# grep NSSNickname /etc/httpd/conf.d/nss.conf

rob

> 
> [root@ipa ~]# ipa-getcert list | more
> Number of certificates and requests being tracked: 7.
> Request ID '20130112120232':
>     status: SUBMITTING
>     stuck: no
>     key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-DOMAIN-COM',nic
> kname='Server-Cert',token='NSS Certificate
> DB',pinfile='/etc/dirsrv/slapd-DOMAIN-COM/pwdfile.txt'
>     certificate: type=NSSDB,location='/etc/dirsrv/slapd-DOMAIN-COM',nickname
> ='Server-Cert',token='NSS Certificate DB'
>     CA: IPA
>     issuer: CN=Certificate Authority,O=DOMAIN.COM
>     subject: CN=ipa.domain.com,O=DOMAIN.COM
>     expires: 2016-12-16 16:18:27 UTC
>     eku: id-kp-serverAuth,id-kp-clientAuth
>     pre-save command:
>     post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv DOMAIN-COM
>     track: yes
>     auto-renew: yes
> Request ID '20130112120734':
>     status: SUBMITTING
>     stuck: no
>     key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Serve
> r-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>     certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cer
> t',token='NSS Certificate DB'
>     CA: IPA
>     issuer: CN=Certificate Authority,O=DOMAIN.COM
>     subject: CN=ipa.domain.com,O=DOMAIN.COM
>     expires: 2016-12-16 16:18:27 UTC
>     eku: id-kp-serverAuth,id-kp-clientAuth
>     pre-save command:
>     post-save command: /usr/lib64/ipa/certmonger/restart_httpd
>     track: yes
>     auto-renew: yes
> 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to