Chris Tobey wrote:
Hi Martin,

Thank you for the response. Here is what I can see on my FreeIPA server (I
replaced my server name with server.com):

[Wed Jun 03 10:05:36:..//var/lib/pki-ca]$ ipa cert-show 1
ipa: ERROR: Certificate operation cannot be completed: Unable to communicate
with CMS (Not Found)
[Wed Jun 03 10:05:47:..//var/lib/pki-ca]$ getcert list
Number of certificates and requests being tracked: 8.
Request ID '20150407214802':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='303912620731'
        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=SERVER.COM
        subject: CN=CA Audit,O=SERVER.COM
        expires: 2017-03-27 21:47:14 UTC
        key usage: digitalSignature,nonRepudiation
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes

Apache proxies to dogtag, so a Not Found means that dogtag either isn't running or its webapp wasn't loaded.

I'd start by restarting pki-tomcatd@pki-tomcat.service and see if that helps.

Otherwise you'll need to poke around in the debug log in /var/lib/pki-ca/<something>

rob
