On 05/04/2012 04:17 PM, Chris Evich wrote:
I'm stumped. Where to look next?

Did some poking around (n/b I haven't used cert system much/at all before) and found this:

[root@<replica> conf.d]# ipa-getcert list -r
Number of certificates and requests being tracked: 1.
Request ID '20120504213228':
        status: CA_UNREACHABLE
ca-error: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: FAILURE (Profile caIPAserviceCert Not Found)).
        stuck: yes
key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - <replica fqdn>',token='NSS Certificate DB' certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - <replica fqdn>'
        CA: IPA
        expires: unknown
        track: yes
        auto-renew: yes

That makes me think maybe there's just a missing service principal or something I can add? I'll see if I can remove that request and try running ipa-replica-prepare again to see if it still gives that error (systems have been restarted since then). Though any other suggestions/ideas of what I can try or look at are much appreciated. Thanks.

Freeipa-users mailing list

Reply via email to