Frederic Ayrault wrote:
> Hello,
> 
> On 18/10/2023 at 19:43, Rob Crittenden via FreeIPA-users wrote:
>> # getcert request -d /etc/httpd/alias -n Server-Cert -p
>> /etc/httpd/alias/pwdfile.txt -D <IPA FQDN> -K HTTP/<IPA FQDN> -C
>> /usr/libexec/ipa/certmonger/restart_httpd -v -w
>>
> 
> This command does not work
>> New signing request "20231020100840" added.
>> State NEWLY_ADDED_READING_KEYINFO, stuck: no.
>> State GENERATING_KEY_PAIR, stuck: no.
>> State GENERATING_CSR, stuck: no.
>> State NEED_CA, stuck: yes.
> 
> If I understand correctly, this is because the pki-tomcatd service is stopped.

If the CA isn't running then there is no way to replace the certs.

> 
> When I do an ipactl restart, I get a lot of errors
>> SEVERE: Servlet.service() for servlet [caGetStatus] in context with
>> path [/ca] threw exception
>> java.io.IOException: CS server is not ready to serve.

On startup ipactl checks the CA status to see what is going on and times
out after IIRC 300 seconds.

You'll need to dig into the PKI logs to see why it isn't starting.

rob

> 
> Thank you
> 
> Regards,
> 
> Frederic
> 