Hi, I seem to have issues with the certificate system on my IPA installation. Looking up hosts in the IPA WEBUI on any of the IPA servers says "Certificate format error: [Errno -8015] error (-8015) unknown".
I also notice that hosts says the certificate system is unavailable. certmonger: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Failure decoding Certificate Signing Request). Looking at the pki-ca logs on the ipa servers I see that some selftest failed: # tail -100 selftests.log 28697.main - [13/Jan/2014:15:06:33 CET] [20] [1] SelfTestSubsystem: Initializing self test plugins: 28697.main - [13/Jan/2014:15:06:33 CET] [20] [1] SelfTestSubsystem: loading all self test plugin logger parameters 28697.main - [13/Jan/2014:15:06:33 CET] [20] [1] SelfTestSubsystem: loading all self test plugin instances 28697.main - [13/Jan/2014:15:06:33 CET] [20] [1] SelfTestSubsystem: loading all self test plugin instance parameters 28697.main - [13/Jan/2014:15:06:33 CET] [20] [1] SelfTestSubsystem: loading self test plugins in on-demand order 28697.main - [13/Jan/2014:15:06:33 CET] [20] [1] SelfTestSubsystem: loading self test plugins in startup order 28697.main - [13/Jan/2014:15:06:33 CET] [20] [1] SelfTestSubsystem: Self test plugins have been successfully loaded! 28697.main - [13/Jan/2014:15:06:34 CET] [20] [1] SelfTestSubsystem: Running self test plugins specified to be executed at startup: 28697.main - [13/Jan/2014:15:06:34 CET] [20] [1] CAPresence: CA is present 28697.main - [13/Jan/2014:15:06:34 CET] [20] [1] SystemCertsVerification: system certs verification failure 28697.main - [13/Jan/2014:15:06:34 CET] [20] [1] SelfTestSubsystem: The CRITICAL self test plugin called selftests.container.instance.SystemCertsVerification running at startup FAILED! the pki-cad service is running and "pki-cad status" displays the ports available. /etc/init.d/pki-cad status pki-ca (pid 28697) is running... [ OK ] My main consern is that the certmonger requests for renew of certificates for LDAP on 2 out of 3 of the IPA servers has failed, and the current certificate is expiring the 19th of January, under a week from now. Do you have any suggestions to where I can start troubleshootng this issue? Regards, Siggi _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users