On 05/04/2012 04:17 PM, Chris Evich wrote:
I'm stumped. Where to look next?
Did some poking around (n/b I haven't used cert system much/at all
before) and found this:
[root@<replica> conf.d]# ipa-getcert list -r
Number of certificates and requests being tracked: 1.
Request ID '20120504213228':
ca-error: Server failed request, will retry: 4301 (RPC failed at
server. Certificate operation cannot be completed: FAILURE (Profile
caIPAserviceCert Not Found)).
key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA
Machine Certificate - <replica fqdn>',token='NSS Certificate DB'
certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine
Certificate - <replica fqdn>'
That makes me think maybe there's just a missing service principal or
something I can add? I'll see if I can remove that request and try
running ipa-replica-prepare again to see if it still gives that error
(systems have been restarted since then). Though any other
suggestions/ideas of what I can try or look at are much appreciated.
Freeipa-users mailing list