Hello all, since one or two days I can't access the WebUI on my IPA Master (4.9.10). With the Replica it works without problems.
In the /var/log/messages I have the following message Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg:82: policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1wit> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg:83: policyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1with> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg:83: policyset.caJarSigningSet.6.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRS> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg:83: policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRS> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg:82: policyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1wi> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg:96: policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SH> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg:98: policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1with> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg:82: policyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg:82: policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SH> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg:98: policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg:92: policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1w> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg:82: policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SH> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg:82: policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg:79: policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,S> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg:92: policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA384wi> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg:164: policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512with> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caDirBasedDualCert.cfg:168: policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg:96: policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SH> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg:96: policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1w> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_DirUserCert.cfg:101: policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA51> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg:92: policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SH> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg:164: policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg:168: policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1wit> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caServerKeygen_UserCert.cfg:101: policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512wi> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg:91: policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SH> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caSigningUserCert.cfg:82: policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRS> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg:164: policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SH> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg:68: policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512with> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg:92: policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg:82: policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,> Sep 3 10:44:49 fedora pkidaemon[2503]: WARNING: Deprecated algorithm in /etc/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg:83: policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1w> Sep 3 10:44:49 fedora server[2507]: Java virtual machine used: /usr/lib/jvm/jre-17-openjdk/bin/java Sep 3 10:44:49 fedora server[2507]: classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: Sep 3 10:44:49 fedora server[2507]: main class used: org.apache.catalina.startup.Bootstrap Sep 3 10:44:49 fedora server[2507]: flags used: -Dcom.redhat.fips=false Sep 3 10:44:49 fedora server[2507]: options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pk> Sep 3 10:44:49 fedora server[2507]: arguments used: start Sep 3 10:44:49 fedora server[2507]: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.co> Sep 3 10:44:49 fedora server[2507]: WARNING: A command line option has enabled the Security Manager Sep 3 10:44:49 fedora server[2507]: WARNING: The Security Manager is deprecated and will be removed in a future release Sep 3 10:44:50 fedora ipa-pki-wait-running[2508]: pki.client: /usr/libexec/ipa/ipa-pki-wait-running:61: The subsystem in PKIConnection.__init__() has been deprecated (https://www.dogtagpki.org/wiki/PKI_10.8_Python_Changes). Sep 3 10:44:50 fedora ipa-pki-wait-running[2508]: ipa-pki-wait-running: Created connection http://ipa.kolanos.net:8080/ca Sep 3 10:44:50 fedora ipa-pki-wait-running[2508]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.kolanos.net', port=8080): Max retries exceeded with url: /ca/admin/ca/getStatus (Caused by NewConnectionError('<url> Sep 3 10:44:51 fedora ipa-pki-wait-running[2508]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.kolanos.net', port=8080): Max retries exceeded with url: /ca/admin/ca/getStatus (Caused by NewConnectionError('<url> Sep 3 10:44:52 fedora certmonger[2542]: 2022-09-03 10:44:52 [2542] Certificate "KOLANOS.NET IPA CA" valid for 589414559s. Sep 3 10:44:52 fedora pcscd[833]: 03957038 auth.c:137:IsClientAuthorized() Process 2507 (user: 17) is NOT authorized for action: access_pcsc Sep 3 10:44:52 fedora pcscd[833]: 00000451 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client Sep 3 10:44:52 fedora pcscd[833]: 00048514 auth.c:137:IsClientAuthorized() Process 2507 (user: 17) is NOT authorized for action: access_pcsc Sep 3 10:44:52 fedora pcscd[833]: 00000400 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client Sep 3 10:44:52 fedora ipa-pki-wait-running[2508]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.kolanos.net', port=8080): Max retries exceeded with url: /ca/admin/ca/getStatus (Caused by NewConnectionError('<url> Sep 3 10:44:52 fedora pcscd[833]: 00035722 auth.c:137:IsClientAuthorized() Process 2507 (user: 17) is NOT authorized for action: access_pcsc Sep 3 10:44:52 fedora pcscd[833]: 00000293 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client Sep 3 10:44:52 fedora pcscd[833]: 00039624 auth.c:137:IsClientAuthorized() Process 2507 (user: 17) is NOT authorized for action: access_pcsc Sep 3 10:44:52 fedora pcscd[833]: 00000335 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client Sep 3 10:44:53 fedora ipa-pki-wait-running[2508]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.kolanos.net', port=8080): Max retries exceeded with url: /ca/admin/ca/getStatus (Caused by NewConnectionError('<url> Sep 3 10:44:54 fedora server[2507]: WARNING: Some of the specified [protocols] are not supported by the SSL engine and have been skipped: [[TLSv1, TLSv1.1]] Sep 3 10:44:55 fedora ipa-pki-wait-running[2508]: ipa-pki-wait-running: Connection failed: HTTPConnectionPool(host='ipa.kolanos.net', port=8080): Read timed out. (read timeout=1.0) Does anyone have a tip for me how I can proceed here? Thanks a lot vapaa _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
