Junhe Jian wrote:
Hi Rob,

i set the date in past "26 MAY 2015"
and add "NSSEnforceValidCerts off" to nss.conf

and resubmit the 3 ID
[root@be-ipasrv httpd]# getcert resubmit -i 20130528090822
Resubmitting "20130528090822" to "IPA".
[root@be-ipasrv httpd]# getcert resubmit -i 20130528090849
Resubmitting "20130528090849" to "IPA".
[root@be-ipasrv httpd]# getcert resubmit -i 20130528090923
Resubmitting "20130528090923" to "IPA".

Restart ipa and certmonger

now I get error in http_error

[Tue May 26 10:00:30 2015] [notice] SELinux policy enabled; httpd running as 
context unconfined_u:system_r:httpd_t:s0
[Tue May 26 10:00:30 2015] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Tue May 26 10:00:31 2015] [notice] ModSecurity for Apache/2.7.3 
(http://www.modsecurity.org/) configured.
[Tue May 26 10:00:31 2015] [notice] ModSecurity: APR compiled version="1.3.9"; loaded 
version="1.3.9"
[Tue May 26 10:00:31 2015] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded 
version="7.8 2008-09-05"
[Tue May 26 10:00:31 2015] [notice] ModSecurity: LUA compiled version="Lua 5.1"
[Tue May 26 10:00:31 2015] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Tue May 26 10:00:31 2015] [notice] Digest: generating secret for digest 
authentication ...
[Tue May 26 10:00:31 2015] [notice] Digest: done
[Tue May 26 10:00:32 2015] [notice] Apache/2.2.15 (Unix) mod_auth_kerb/5.4 
mod_nss/2.2.15 NSS/3.14.0.0 Basic ECC PHP/5.3.25 mod_wsgi/3.2 Python/2.6.6 
configured -- resuming normal operations
[Tue May 26 10:00:33 2015] [error] ipa: INFO: *** PROCESS START ***
[Tue May 26 10:00:33 2015] [error] ipa: INFO: *** PROCESS START ***
[Tue May 26 10:01:23 2015] [warn] proxy: No protocol handler was valid for the 
URL /ca/agent/ca/displayBySerial. If you are using a DSO version of mod_proxy, 
make sure the proxy submodules are included in the configuration using 
LoadModule.
[Tue May 26 10:01:23 2015] [error] ipa: ERROR: 
ipaserver.plugins.dogtag.ra.get_certificate(): Unable to communicate with CMS 
(Internal Server Error)

Have you changed your apache configuration? It looks that way. You need the proxy modules loaded.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to