Dear Rob,

Please find the entire result.

-------------------------------------------------------------------------------------------------
Number of certificates and requests being tracked: 8.
Request ID '20140430124246':
        status: MONITORING
        stuck: no
        key pair storage: 
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert 
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'
        certificate: 
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert 
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
        subject: CN=CA Audit,O=MYDOMAINNAME.COM
        expires: 2016-04-19 12:42:02 UTC
        key usage: digitalSignature,nonRepudiation
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
Request ID '20140430124247':
        status: MONITORING
        stuck: no
        key pair storage: 
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert 
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'
        certificate: 
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert 
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
        subject: CN=OCSP Subsystem,O=MYDOMAINNAME.COM
        expires: 2016-04-19 12:42:01 UTC
        key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
        eku: id-kp-OCSPSigning
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
Request ID '20140430124248':
        status: MONITORING
        stuck: no
        key pair storage: 
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert 
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'
        certificate: 
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert 
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
        subject: CN=CA Subsystem,O=MYDOMAINNAME.COM
        expires: 2016-04-19 12:42:01 UTC
        key usage: 
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
Request ID '20140430124249':
        status: MONITORING
        stuck: no
        key pair storage: 
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS 
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate: 
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS 
Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
        subject: CN=IPA RA,O=MYDOMAINNAME.COM
        expires: 2016-04-19 12:42:45 UTC
        key usage: 
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
Request ID '20140430124250':
        status: MONITORING
        stuck: no
        key pair storage: 
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert 
cert-pki-ca',token='NSS Certificate DB',pin='288949439135'
        certificate: 
type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert 
cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
        subject: CN=ipa.mydomainname.com,O=MYDOMAINNAME.COM
        expires: 2016-04-19 12:42:01 UTC
        key usage: 
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
Request ID '20140430124308':
        status: MONITORING
        stuck: no
        key pair storage: 
type=NSSDB,location='/etc/dirsrv/slapd-TCS-MOBILITY-COM',nickname='Server-Cert',token='NSS
 
Certificate DB',pinfile='/etc/dirsrv/slapd-TCS-MOBILITY-COM/pwdfile.txt'
        certificate: 
type=NSSDB,location='/etc/dirsrv/slapd-TCS-MOBILITY-COM',nickname='Server-Cert',token='NSS
 
Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
        subject: CN=ipa.mydomainname.com,O=MYDOMAINNAME.COM
        expires: 2016-04-30 12:43:07 UTC
        key usage: 
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
Request ID '20140430124352':
        status: MONITORING
        stuck: no
        key pair storage: 
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
 
Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
        certificate: 
type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS
 
Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
        subject: CN=mydomainname.com,O=MYDOMAINNAME.COM
        expires: 2016-04-30 12:43:51 UTC
        key usage: 
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
Request ID '20140430124456':
        status: MONITORING
        stuck: no
        key pair storage: 
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS 
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate: 
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS 
Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=MYDOMAINNAME.COM
        subject: CN=ipa.mydomainname.com,O=MYDOMAINNAME.COM
        expires: 2016-04-30 12:44:55 UTC
        key usage: 
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
-------------------------------------------------------------------------------------------------

Regards
Sanju Abraham




From:   Rob Crittenden <rcrit...@redhat.com>
To:     Sanju A <sanj...@tcs.com>
Cc:     freeipa-users@redhat.com
Date:   22-05-2015 18:26
Subject:        Re: [Freeipa-users] Certificate operation cannot be 
completed: Unable to communicate with CMS (Not Found)



Sanju A wrote:
> Dear Rob,
>
> The result is from ipa master server.

Ok, then this can't be the entire output. For a master with a CA there 
should be about 8 certs tracked

rob

>
>
> Regards
> Sanju Abraham
>
>
>
> From: Rob Crittenden <rcrit...@redhat.com>
> To: Sanju A <sanj...@tcs.com>
> Cc: freeipa-users@redhat.com
> Date: 21-05-2015 19:03
> Subject: Re: [Freeipa-users] Certificate operation cannot be completed:
> Unable to communicate with CMS (Not Found)
> ------------------------------------------------------------------------
>
>
>
> Sanju A wrote:
>  > Dear Rob,
>  >
>  > Please find the result of getcert list.
>  >
>  > Request ID '20140430124456':
>  >          status: MONITORING
>  >          stuck: no
>  >          key pair storage:
>  > 
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>  > Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
>  >          certificate:
>  > 
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
>  > Certificate DB'
>  >          CA: IPA
>  >          issuer: CN=Certificate Authority,O=EXAMPLE.COM
>  >          subject: CN=ipa.tcs-mobility.com,O=EXAMPLE.COM
>  >          expires: 2016-04-30 12:44:55 UTC
>  >          key usage:
>  > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
>  >          eku: id-kp-serverAuth,id-kp-clientAuth
>  >          pre-save command:
>  >          post-save command:
>  >          track: yes
>  >          auto-renew: yes
>
> You need to run getcert list on the IPA master running the CA that can't
> be contacted, not the host you're trying to delete.
>
> rob
>
>  >
>  >
>  > Regards
>  > Sanju Abraham
>  >
>  >
>  >
>  >
>  > From: Rob Crittenden <rcrit...@redhat.com>
>  > To: Sanju A <sanj...@tcs.com>, freeipa-users@redhat.com
>  > Date: 20-05-2015 19:04
>  > Subject: Re: [Freeipa-users] Certificate operation cannot be 
completed:
>  > Unable to communicate with CMS (Not Found)
>  > 
------------------------------------------------------------------------
>  >
>  >
>  >
>  > Sanju A wrote:
>  >  > Hi,
>  >  >
>  >  > I am getting the following error while removing a host.
>  >  >
>  >  > ---------------------------------------
>  >  > Certificate operation cannot be completed: Unable to communicate 
with
>  >  > CMS (Not Found)
>  >  > ---------------------------------------
>  >
>  > This usually means that the CA is not serving requestss. It may be up
>  > and running but that doesn't mean the webapp is working.
>  >
>  > This is often due to expired CA subsystem certificates. Run getcert 
list
>  > to check.
>  >
>  > rob
>  >
>  >
>  > =====-----=====-----=====
>  > Notice: The information contained in this e-mail
>  > message and/or attachments to it may contain
>  > confidential or privileged information. If you are
>  > not the intended recipient, any dissemination, use,
>  > review, distribution, printing or copying of the
>  > information contained in this e-mail message
>  > and/or attachments to it are strictly prohibited. If
>  > you have received this communication in error,
>  > please notify us by reply e-mail or telephone and
>  > immediately and permanently delete the message
>  > and any attachments. Thank you
>  >
>
>


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to