Dear all, thank you very much for your help.
After some more searching, I found that this command (from https://floblanc.wordpress.com/2017/09/11/troubleshooting-freeipa-pki-tomcatd-fails-to-start/) [root@ipa2 ~] certutil -L -d /etc/pki/pki-tomcat/alias -n 'subsystemCert cert-pki-ca' shows that there is a valid certificate: Certificate: Data: Version: 3 (0x2) Serial Number: ... Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption Issuer: "CN=Certificate Authority,O=PLEIADES.UNI-WUPPERTAL.DE" Validity: Not Before: Fri Jan 25 08:55:41 2019 Not After : Thu Jan 14 08:55:41 2021 Subject: "CN=CA Subsystem,O=PLEIADES.UNI-WUPPERTAL.DE" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: But then I get: [root@ipa2 ~]# grep internal /var/lib/pki/pki-tomcat/conf/password.conf | cut -d= -f2 > /tmp/pwdfile.txt [root@ipa2 ~]# certutil -K -d /etc/pki/pki-tomcat/alias -f /tmp/pwdfile.txt -n 'subsystemCert cert-pki-ca' certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" certutil: problem listing keys: SEC_ERROR_UNRECOGNIZED_OID: Unrecognized Object Identifier. [root@ipa2 ~]# certutil -K -d /etc/pki/pki-tomcat/alias -f /tmp/pwdfile.txt -n 'NSS Certificate DB: subsystemCert cert-pki-ca' certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" certutil: problem listing keys: SEC_ERROR_UNRECOGNIZED_OID: Unrecognized Object Identifier. [root@ipa2 ~]# What can I do????? Thanks a lot!!! Best regards, Marisa -- Dr. Marisa Sandhoff Experimentelle Elementarteilchenphysik Fakultät für Mathematik und Naturwissenschaften Bergische Universitaet Wuppertal Gaussstr. 20 D-42097 Wuppertal, Germany ------- [email protected] [email protected] Raum D.09.03 Phone +49 202 439 3521 _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
