Jimmy wrote:
I used yum to upgrade certmonger; now the access_log has nothing new
when I run the ipa-getcert, but error_log shows this:

[Sat Mar 10 21:47:21 2012] [error] ipa: INFO: sslget
'https://xyz-ipa.abc.xyz:443/ca/agent/ca/displayBySerial'
[Sat Mar 10 21:47:21 2012] [error] ipa: INFO:
host/xyz-ipa.abc....@abc.xyz:
cert_request(u'MIIDQzCCAisCAQAwLDEQMA4GA1UEChMHUERILkNTUDEYMBYGA1UEAxMPY3NwLWlkbS5wZGguY3NwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0EHCdyTuteryFZ2bdEl+V4OATR/xk8ELthmvlwT/5qubZKwlCWS6yLawgdyCg9Yw737A7qGe0BPxHv6E+as10NxppEPsn9BOi+TPRIMYNMNNYmO2sce2pvkMkVBqsF7Gn7mF7e5+Bpc7ApnDGP7WLsAjbso8EvLUrqVMTNyiziCSHiNk+/Fi1Om6K5GKzKkqfEDex0RK+kpMswgcaZHhmW3i+y3UxFZsJjOg3R4fJAfC0+My2d1Vx4052+EgWAbSNpSj7zmLGM2+dkmgMo5Li7jjgJe8VsrqOV4L5IgqtGVJ0EOb7EP7gynbVoa74m4XrVwEP8rd/M5RxAnD1JPuwIDAQABoIHRMBoGCSqGSIb3DQEJFDENEwtTZXJ2ZXItQ2VydDCBsgYJKoZIhvcNAQkOMYGkMIGhMA4GA1UdDwEBAAQEAwIE8DB3BgNVHREBAQAEbTBroCwGCisGAQQBgjcUAgOgHgwcbGRhcC9jc3AtaWRtLnBkaC5jc3BAUERILkNTUKA7BgYrBgEFAgKgMTAvoAkbB1BESC5DU1ChIjAgoAMCAQGhGTAXGwRsZGFwGw9jc3AtaWRtLnBkaC5jc3AwFgYDVR0lAQEABAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBABD/Hwbgf5NJNUYt0+ntMDHiilMFkSaO6ryQ36/pCH1oR+vI+PCeClHewPo0v99h4Z8W8L7CQtDdNBUMl/JVHH5Lz7cBF8A/jXZQ+naV17EEuXncacM8AvYh5dL2yih+8RpPalEmSgz5rijtbSigfNGrZn0Mh3qOW1kbsz+GDaaT9wLFxvdJyqgdKds2tsp0KzHIM
cJuw3cwOfH8zrBRV28XYhMLm0OOhj92uxgax5UPY2VyHP5UOtOnfuduU1ZXa+o8QIXqX7/HyDSCLGwiPJscAsp9cRzjn4KvqzZDOcdGEjXmCGfrmUiMcuzVyTDR2SdAWrHdbRmXeyVxmiBPzdk=',
principal=u'ldap/xyz-ipa.abc....@abc.xyz', add=True):
CertificateOperationError

What does ipa-getcert list show?

You may now have something in the CA logs too.

rob


On Thu, Mar 15, 2012 at 2:07 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
Jimmy wrote:

Which error log? The pki-ca error log has nothing and the httpd error
log has nothing, and the httpd access log has this: (yes, the dates
are set back a few days, because the current cert expires on 3/11)

192.168.201.102 - - [10/Mar/2012:21:27:24 +0000] "POST /ipa/xml
HTTP/1.1" 401 1775
192.168.201.102 - host/abc-ipa.abc....@abc.xyz [10/Mar/2012:21:27:25
+0000] "POST /ipa/xml HTTP/1.1" 200 314

Here is the ipa-getcert list:

http://fpaste.org/Dzr3/


You need to update certmonger; it isn't setting a Referer HTTP header in its
request. That is now required by IPA.


rob


On Thu, Mar 15, 2012 at 1:33 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

Jimmy wrote:


Restarted IPA and now the interface loads, but resubmitting the cert
has this result -

ipa-getcert resubmit -i 20110913154233
192.168.201.102 - - [10/Mar/2012:20:53:13 +0000] "POST /ipa/xml
HTTP/1.1" 401 1775
192.168.201.102 - host/abc-ipa.abc....@abc.xyz [10/Mar/2012:20:53:13
+0000] "POST /ipa/xml HTTP/1.1" 200 314

but the cert still shows these dates-

  Not Before: Tue Sep 13 15:43:37 2011
             Not After : Sun Mar 11 15:43:37 2012



The error log will contain more interesting information.

What does the status show in the output of ipa-getcert list?

rob



On Thu, Mar 15, 2012 at 1:06 PM, Jimmy <g17ji...@gmail.com> wrote:


I can now start the upgraded IPA, but now going to the IPA admin page
I get this:

====

Not Found

The requested URL /ipa was not found on this server.

====



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users




