> Hi,
>
> On Fri, Jul 15, 2022 at 11:22 AM roy liang via FreeIPA-users <
> freeipa-users(a)lists.fedorahosted.org> wrote:
>
> CA_UNREACHABLE means that there is an error contacting the Certificate
> Server.
>
> You can find more information and troubleshooting tips in these blog posts:
> https://floblanc.wordpress.com/2016/12/06/using-certmonger-to-track-certi...
> https://floblanc.wordpress.com/2016/12/19/troubleshooting-certmonger-issu...
>
> flo
Thank you for the documentation,
I installed the above debugging log output,
Ubuntu16.04 has a conflict with freeipa, the following two paths?Copy a file to
/etc/httpd/alias/.
certificate location /etc/apache2/nssdb
DEBUG stderr=Error opening "/etc/httpd/alias/pwdfile.txt": No such file or
directory.
1:
getcert list
Request ID '20200509161129':
status: CA_UNREACHABLE
ca-error: Error 77 connecting to
https://migration-ipa-65-214.hiido.host.yydevops.com:8443/ca/agent/ca/profileReview:
Problem with the SSL CA cert (path? access rights?).
stuck: no
key pair storage:
type=NSSDB,location='/etc/apache2/nssdb',nickname='ipaCert',token='NSS
Certificate DB',pinfile='/etc/apache2/nssdb/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/apache2/nssdb',nickname='ipaCert',token='NSS
Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=YYDEVOPS.COM
subject: CN=IPA RA,O=YYDEVOPS.COM
expires: 2022-04-29 16:11:22 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: /usr/lib/ipa/certmonger/renew_ra_cert_pre
post-save command: /usr/lib/ipa/certmonger/renew_ra_cert
track: yes
auto-renew: yes
2:
/.ipa/log/renew.log
2022-04-26T20:38:34Z 19299 MainThread ipa DEBUG Initializing
principal host/[email protected] using
keytab /etc/krb5.keytab
2022-04-26T20:38:34Z 19299 MainThread ipa DEBUG using ccache
/var/run/certmonger/tmp-qmaSkg/ccache
2022-04-26T20:38:34Z 19299 MainThread ipa DEBUG Attempt 1/1:
success
2022-04-26T20:38:34Z 19299 MainThread ipa DEBUG Loading
StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
2022-04-26T20:38:35Z 19299 MainThread
ipa.ipapython.ipaldap.SchemaCache DEBUG flushing
ldap://migration-ipa-65-214.hiido.host.yydevops.com:389 from SchemaCache
2022-04-26T20:38:35Z 19299 MainThread
ipa.ipapython.ipaldap.SchemaCache DEBUG retrieving schema for
SchemaCache url=ldap://migration-ipa-65-214.hiido.host.yydevops.com:389
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fc160802b48>
2022-04-26T20:38:36Z 19299 MainThread ipa DEBUG Starting
external process
2022-04-26T20:38:36Z 19299 MainThread ipa DEBUG
args=/usr/lib/certmonger/dogtag-ipa-renew-agent-submit -vv
2022-04-26T20:38:36Z 19299 MainThread ipa DEBUG Process
finished, return code=3
2022-04-26T20:38:36Z 19299 MainThread ipa DEBUG stdout=Error 77
connecting to
https://migration-ipa-65-214.hiido.host.yydevops.com:8443/ca/agent/ca/profileReview:
Problem with the SSL CA cert (path? access rights?).
2022-04-26T20:38:36Z 19299 MainThread ipa DEBUG stderr=Error
opening "/etc/httpd/alias/pwdfile.txt": No such file or directory.
* Trying 10.12.65.214...
* Connected to migration-ipa-65-214.hiido.host.yydevops.com (10.12.65.214) port
8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* WARNING: failed to load NSS PEM library libnsspem.so. Using OpenSSL PEM
certificates will not work.
* Closing connection 0
GET
"https://migration-ipa-65-214.hiido.host.yydevops.com:8443/ca/agent/ca/profileReview?requestId=15&xml=true";
code = 77
code_text = "Problem with the SSL CA cert (path? access rights?)"
results = "(null)"
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
