Hi Rob, ipactl status is up and the flag is also in the correct state. However I have restarted pki-cad and the issue got fixed.
Thanks for your help in fixing the issue. Regards Sanju Abraham From: Rob Crittenden <[email protected]> To: Sanju A <[email protected]> Cc: [email protected] Date: 22-05-2015 19:05 Subject: Re: [Freeipa-users] Certificate operation cannot be completed: Unable to communicate with CMS (Not Found) Sanju A wrote: > Dear Rob, > > Please find the entire result. Ok, the good news is that renewal already took place and it looks like everything is a-ok certificate-wise. First, make sure the CA is up: # ipactl status If the CA is down, start it with service pki-cad start. If the CA is up, the next thing to check are the trust flags: # certutil -L -d /var/lib/pki-ca/alias The auditSigningCert should be u,u,Pu If it isn't, fix it with: # certutil -M -t u,u,Pu -d /var/lib/pki-ca/alias -n 'auditSigningCert cert-pki-ca' You'll need to restart the CA after changing the trust: # service pki-cad restart If the trust is ok and the CA was already up we'd need to see your CA logs to try to determine what is going on. rob =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
