[Freeipa-users] Re: new freeipa server

Fri, 02 Mar 2018 08:19:51 -0800 

[ec2-user@freeipa01 ~]$ sudo getcert listNumber of certificates and requests 
being tracked: 1.Request ID '20180302161736':        status: CA_UNREACHABLE     
   ca-error: Error 58 connecting to 
https://freeipa01.east.ipa.gatewayblend.com:8443/ca/agent/ca//profileReview: 
Problem with the local SSL certificate.        stuck: no        key pair 
storage: type=FILE,location='/var/lib/ipa/ra-agent.key'        certificate: 
type=FILE,location='/var/lib/ipa/ra-agent.pem'        CA: 
dogtag-ipa-ca-renew-agent        issuer:        subject:        expires: 
unknown        pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre  
      post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert        
track: yes        auto-renew: yes[ec2-user@freeipa01 ~]$ 

    On Thursday, March 1, 2018 3:29 PM, Rob Crittenden via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
 

 Andrew Meyer via FreeIPA-users wrote:
> While building a new freeipa server in AWS I got this error:
> 2018-03-01T18:15:49Z DEBUG The ipa-server-install command failed,
> exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
> 2018-03-01T18:15:49Z ERROR Certificate issuance failed (CA_UNREACHABLE)
> 2018-03-01T18:15:49Z ERROR The ipa-server-install command failed. See
> /var/log/ipaserver-install.log for more information
> 
> I did some research and found this is possibly related to version 4.5.0?  

Probably not. Run getcert-list to hopefully get more context to the error.

> I have a host entry in /etc/hosts but that didn't seem to fix the
> problem.  Is there something else I'm missing?
> 
> Do you know when 4.6.x will be released to epel/amazon?

The usual cause for version lag in RHEL is missing dependencies. Many
important changes are backported so in RHEL you can never really rely on
the version.

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


   
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to