Sanju A wrote:
Dear Rob,

Please find the result of getcert list.

Request ID '20140430124456':
         status: MONITORING
         stuck: no
         key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
         certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB'
         CA: IPA
         issuer: CN=Certificate Authority,O=EXAMPLE.COM
         subject: CN=ipa.tcs-mobility.com,O=EXAMPLE.COM
         expires: 2016-04-30 12:44:55 UTC
         key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
         eku: id-kp-serverAuth,id-kp-clientAuth
         pre-save command:
         post-save command:
         track: yes
         auto-renew: yes

You need to run getcert list on the IPA master running the CA that can't be contacted, not the host you're trying to delete.

rob



Regards
Sanju Abraham




From: Rob Crittenden <rcrit...@redhat.com>
To: Sanju A <sanj...@tcs.com>, freeipa-users@redhat.com
Date: 20-05-2015 19:04
Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
Unable to communicate with CMS (Not Found)
------------------------------------------------------------------------



Sanju A wrote:
 > Hi,
 >
 > I am getting the following error while removing a host.
 >
 > ---------------------------------------
 > Certificate operation cannot be completed: Unable to communicate with
 > CMS (Not Found)
 > ---------------------------------------

This usually means that the CA is not serving requestss. It may be up
and running but that doesn't mean the webapp is working.

This is often due to expired CA subsystem certificates. Run getcert list
to check.

rob


=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to