ipactl status is up and the flag is also in the correct state. However I
have restarted pki-cad and the issue got fixed.
Thanks for your help in fixing the issue.
From: Rob Crittenden <rcrit...@redhat.com>
To: Sanju A <sanj...@tcs.com>
Date: 22-05-2015 19:05
Subject: Re: [Freeipa-users] Certificate operation cannot be
completed: Unable to communicate with CMS (Not Found)
Sanju A wrote:
> Dear Rob,
> Please find the entire result.
Ok, the good news is that renewal already took place and it looks like
everything is a-ok certificate-wise.
First, make sure the CA is up:
# ipactl status
If the CA is down, start it with service pki-cad start.
If the CA is up, the next thing to check are the trust flags:
# certutil -L -d /var/lib/pki-ca/alias
The auditSigningCert should be u,u,Pu
If it isn't, fix it with:
# certutil -M -t u,u,Pu -d /var/lib/pki-ca/alias -n 'auditSigningCert
You'll need to restart the CA after changing the trust:
# service pki-cad restart
If the trust is ok and the CA was already up we'd need to see your CA
logs to try to determine what is going on.
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project