Azim Siddiqui via FreeIPA-users wrote: > Hello, > > On one of the FreeIPA servers, I’m encountering an issue with the > certificate: > > Number of certificates and requests being tracked: 1. > Request ID '20220930041156': > status: CA_UNREACHABLE > ca-error: Server at https://xyz.ipa.free-ipa.com/ipa/xml failed > request, will retry: 4001 (RPC failed at server. ipa: Certificate > Authority not found). > stuck: no > key pair storage: > type=NSSDB,location='/etc/dirsrv/slapd-IPA-FREE-IPA-COM',nickname='Server-Cert',token='NSS > Certificate DB',pinfile='/etc/dirsrv/slapd-IPA-FREE-IPA-COM/pwdfile.txt' > certificate: > type=NSSDB,location='/etc/dirsrv/slapd-IPA-FREE-IPA-COM',nickname='Server-Cert',token='NSS > Certificate DB' > CA: IPA > issuer: CN=Certificate Authority,O=IPA-FREE-IPA-COM > subject: CN=xyz.ipa.free-ipa.com > <http://xyz.ipa.free-ipa.com/>,O=IPA-FREE-IPA-COM > expires: 2024-09-30 02:22:56 UTC > key usage: > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment > eku: id-kp-serverAuth,id-kp-clientAuth > pre-save command: > post-save command: /usr/libexec/ipa/certmonger/restart_dirsrv > IPA-FREE-IPA-COM > track: yes > auto-renew: yes > > Could someone please guide me on how to troubleshoot and resolve this issue? >
We need a bit more information. What version of IPA are you running on what distribution? What is your topology? Is this your only server? Does this server have the CA service installed? Did you use an external CA to sign the IPA CA on installation? Will ipa config-show run? What does it tell you? ipa: Certificate Authority not found. I'm not entirely sure what is throwing this error. I think the systemd journal might tell us. You didn't include how you got this output. You want to use getcert list to see all of the tracked certificates and not ipa-getcert list. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
