Dear Rob,

The result is from ipa master server.


Regards
Sanju Abraham



From:   Rob Crittenden <rcrit...@redhat.com>
To:     Sanju A <sanj...@tcs.com>
Cc:     freeipa-users@redhat.com
Date:   21-05-2015 19:03
Subject:        Re: [Freeipa-users] Certificate operation cannot be 
completed: Unable to communicate with CMS (Not Found)



Sanju A wrote:
> Dear Rob,
>
> Please find the result of getcert list.
>
> Request ID '20140430124456':
>          status: MONITORING
>          stuck: no
>          key pair storage:
> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>          certificate:
> type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
> Certificate DB'
>          CA: IPA
>          issuer: CN=Certificate Authority,O=EXAMPLE.COM
>          subject: CN=ipa.tcs-mobility.com,O=EXAMPLE.COM
>          expires: 2016-04-30 12:44:55 UTC
>          key usage:
> digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>          eku: id-kp-serverAuth,id-kp-clientAuth
>          pre-save command:
>          post-save command:
>          track: yes
>          auto-renew: yes

You need to run getcert list on the IPA master running the CA that can't 
be contacted, not the host you're trying to delete.

rob

>
>
> Regards
> Sanju Abraham
>
>
>
>
> From: Rob Crittenden <rcrit...@redhat.com>
> To: Sanju A <sanj...@tcs.com>, freeipa-users@redhat.com
> Date: 20-05-2015 19:04
> Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
> Unable to communicate with CMS (Not Found)
> ------------------------------------------------------------------------
>
>
>
> Sanju A wrote:
>  > Hi,
>  >
>  > I am getting the following error while removing a host.
>  >
>  > ---------------------------------------
>  > Certificate operation cannot be completed: Unable to communicate with
>  > CMS (Not Found)
>  > ---------------------------------------
>
> This usually means that the CA is not serving requestss. It may be up
> and running but that doesn't mean the webapp is working.
>
> This is often due to expired CA subsystem certificates. Run getcert list
> to check.
>
> rob
>
>
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to