lol lol via FreeIPA-users wrote: > Hi Rob, > Thank you for the answer! > > I have tried what you have suggested and here's the result: > > pki -v ca-cert find > INFO: PKI options: -v > INFO: PKI command: ca-cert ca-cert find > INFO: Java command: /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -cp > /usr/share/pki/lib/* -Dcom.redhat.fips=false > -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties > com.netscape.cmstools.cli.MainCLI -v ca-cert find > INFOS: Server URL: https://ipa.domain.priv:8443 > INFOS: NSS database: /root/.dogtag/nssdb > INFOS: Message format: null > INFOS: Command: ca-cert find > INFOS: Module: ca > INFOS: Initializing NSS > INFOS: Using internal token > INFOS: Module: cert > INFOS: Module: find > INFOS: Connecting to https://ipa.domain.priv:8443 > javax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request > at > org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:317) > at > org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:442) > at > org.jboss.resteasy.client.jaxrs.internal.proxy.ClientInvoker.invoke(ClientInvoker.java:106) > at > org.jboss.resteasy.client.jaxrs.internal.proxy.ClientProxy.invoke(ClientProxy.java:76) > at com.sun.proxy.$Proxy23.getInfo(Unknown Source) > at org.dogtagpki.common.InfoClient.getInfo(InfoClient.java:43) > at com.netscape.certsrv.client.PKIClient.getInfo(PKIClient.java:221) > at com.netscape.cmstools.cli.MainCLI.getClient(MainCLI.java:603) > at org.dogtagpki.cli.CLI.getClient(CLI.java:207) > at org.dogtagpki.cli.CLI.getClient(CLI.java:207) > at com.netscape.cmstools.ca.CACertCLI.getCertClient(CACertCLI.java:85) > at > com.netscape.cmstools.ca.CACertFindCLI.execute(CACertFindCLI.java:245) > at org.dogtagpki.cli.CommandCLI.execute(CommandCLI.java:58) > at org.dogtagpki.cli.CLI.execute(CLI.java:357) > at org.dogtagpki.cli.CLI.execute(CLI.java:357) > at com.netscape.cmstools.cli.SubsystemCLI.execute(SubsystemCLI.java:79) > at org.dogtagpki.cli.CLI.execute(CLI.java:357) > at com.netscape.cmstools.cli.MainCLI.execute(MainCLI.java:665) > at com.netscape.cmstools.cli.MainCLI.main(MainCLI.java:701) > Caused by: org.mozilla.jss.ssl.SSLSocketException: Unable to connect: (-5961) > TCP connection reset by peer. > at org.mozilla.jss.ssl.SSLSocket.socketConnect(Native Method) > at org.mozilla.jss.ssl.SSLSocket.<init>(SSLSocket.java:566) > at org.mozilla.jss.ssl.SSLSocket.<init>(SSLSocket.java:534) > at > com.netscape.certsrv.client.PKIConnection$JSSProtocolSocketFactory.connectSocket(PKIConnection.java:316) > at > org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) > at > org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:326) > at > org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:610) > at > org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:445) > at > org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:836) > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) > at > org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) > at > org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:313) > ... 18 more > ERROR: Command: /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -cp > /usr/share/pki/lib/* -Dcom.redhat.fips=false > -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties > com.netscape.cmstools.cli.MainCLI -v ca-cert find
If your CA isn't working with 'ipa cert-show 1' then it is unlikely to work with the pki commands either. You need to investigate the pki logs to determine why the CA isn't starting. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
