Sanju A wrote:
Dear Rob,

The result is from ipa master server.

Ok, then this can't be the entire output. For a master with a CA there should be about 8 certs tracked

rob



Regards
Sanju Abraham



From: Rob Crittenden <rcrit...@redhat.com>
To: Sanju A <sanj...@tcs.com>
Cc: freeipa-users@redhat.com
Date: 21-05-2015 19:03
Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
Unable to communicate with CMS (Not Found)
------------------------------------------------------------------------



Sanju A wrote:
 > Dear Rob,
 >
 > Please find the result of getcert list.
 >
 > Request ID '20140430124456':
 >          status: MONITORING
 >          stuck: no
 >          key pair storage:
 > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
 > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
 >          certificate:
 > type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
 > Certificate DB'
 >          CA: IPA
 >          issuer: CN=Certificate Authority,O=EXAMPLE.COM
 >          subject: CN=ipa.tcs-mobility.com,O=EXAMPLE.COM
 >          expires: 2016-04-30 12:44:55 UTC
 >          key usage:
 > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
 >          eku: id-kp-serverAuth,id-kp-clientAuth
 >          pre-save command:
 >          post-save command:
 >          track: yes
 >          auto-renew: yes

You need to run getcert list on the IPA master running the CA that can't
be contacted, not the host you're trying to delete.

rob

 >
 >
 > Regards
 > Sanju Abraham
 >
 >
 >
 >
 > From: Rob Crittenden <rcrit...@redhat.com>
 > To: Sanju A <sanj...@tcs.com>, freeipa-users@redhat.com
 > Date: 20-05-2015 19:04
 > Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
 > Unable to communicate with CMS (Not Found)
 > ------------------------------------------------------------------------
 >
 >
 >
 > Sanju A wrote:
 >  > Hi,
 >  >
 >  > I am getting the following error while removing a host.
 >  >
 >  > ---------------------------------------
 >  > Certificate operation cannot be completed: Unable to communicate with
 >  > CMS (Not Found)
 >  > ---------------------------------------
 >
 > This usually means that the CA is not serving requestss. It may be up
 > and running but that doesn't mean the webapp is working.
 >
 > This is often due to expired CA subsystem certificates. Run getcert list
 > to check.
 >
 > rob
 >
 >
 > =====-----=====-----=====
 > Notice: The information contained in this e-mail
 > message and/or attachments to it may contain
 > confidential or privileged information. If you are
 > not the intended recipient, any dissemination, use,
 > review, distribution, printing or copying of the
 > information contained in this e-mail message
 > and/or attachments to it are strictly prohibited. If
 > you have received this communication in error,
 > please notify us by reply e-mail or telephone and
 > immediately and permanently delete the message
 > and any attachments. Thank you
 >



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to