Dear IPA users,

My IPA 3.0 installation on CentOS 6.4 (coming from a 2.2 upgrade)
suddenly stopped working for the CA part.
I'm not sure this is the root of all the issues, but subsystem
certificates was expired and not renewed: getcert list gives a similar
output for all of them, and I don't know how to proceed.

[]# getcert list -c dogtag-ipa-renew-agent

Request ID '20130902075915':
        status: MONITORING
        ca-error: No end-entity URL (-E) given, and no default known.
        stuck: no
        key pair storage:
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=XXXX
        subject: CN=RA Subsystem,O=XXXX
        expires: 2013-10-11 07:44:12 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
        track: yes
        auto-renew: yes

Do you have any hints on how to solve?

Many thanks in advance

Freeipa-users mailing list

Reply via email to