John Desantis wrote:
Marc,

Unfortunately, I've never had to promote a replica to become the CA
master in our environment.

Is the host that's reporting the error the URL of the old master or the
replica?  Did you check the CS.cfg to see if the replica certificate is
present vs. the old master?

John DeSantis

I think he just needs to go back in time again, restart the CA, restart certmonger and that should do it.

It looks like this machine is configured to do the subsystem renewal: it uses dogtag-ipa-renew-agent as the certmonger CA.

rob


On Jun 5, 2015 3:49 PM, "Marc Wiatrowski" <w...@iglass.net> wrote:

    Thank you John.  I had tried that but you did give me some things to
    look at.

    I was able to get 2 of the certificates to renew by setting the date
    back in time, a services restart, and issuing 'ipa-getcert resubmit
    -i <request id>'.  This renewed the following: 'Server-Cert' and
    'ipaCert', but did not renew 'auditSigningCert cert-pki-ca',
    'ocspSigningCert cert-pki-ca' or 'subsystemCert cert-pki-ca'.

    The admin web interface now gives 'ipa error 4301: Certificate
    operation cannot be completed: Unable to communicate with CMS (Not
    Found)'

    listing the certs shows an error along the lines of

    Internal error: no response to
    "http://spider01o.iglass.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=1073545218&renewal=true&xml=true".

    If any of these are useful.

    messages:
    Jun  5 15:38:05 spider01o certmonger: Internal error: no response to
    "http://spider01o.iglass.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=5&renewal=true&xml=true".

    httpd/error:
    [Fri Jun 05 14:32:26 2015] [error] ipa: ERROR:
    ipaserver.plugins.dogtag.ra.get_certificate(): Unable to communicate
    with CMS (Not Found)

    selftests.log:
    8371.main - [05/Jun/2015:15:19:17 EDT] [20] [1]
    SystemCertsVerification: system certs verification failure
    8371.main - [05/Jun/2015:15:19:17 EDT] [20] [1] SelfTestSubsystem:
    The CRITICAL self test plugin called
    selftests.container.instance.SystemCertsVerification running at
    startup FAILED!

    $ ipactl status
    Directory Service: RUNNING
    KDC Service: RUNNING
    KPASSWD Service: RUNNING
    DNS Service: RUNNING
    MEMCACHE Service: RUNNING
    HTTP Service: RUNNING
    CA Service: RUNNING

    $ certutil -L -d /var/lib/pki-ca/alias

    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI

    ocspSigningCert cert-pki-ca                                  u,u,u
    subsystemCert cert-pki-ca                                    u,u,u
    Server-Cert cert-pki-ca                                      u,u,u
    caSigningCert cert-pki-ca                                    CTu,u,u
    auditSigningCert cert-pki-ca                                 u,u,Pu

    $ getcert list
    Number of certificates and requests being tracked: 9.
    Request ID '20131204194012':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS Certificate DB'
    certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    issuer: CN=Certificate Authority,O=IGLASS.NET
    subject: CN=spider01o,O=IGLASS.NET
    expires: 2017-05-28 18:03:59 UTC
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
    Request ID '20141114162346':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
    certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    issuer: CN=Certificate Authority,O=IGLASS.NET
    subject: CN=spider01o.iglass.net,O=IGLASS.NET
    expires: 2016-11-14 16:22:37 UTC
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
    Request ID '20141114162434':
    status: MONITORING
    ca-error: Internal error: no response to "http://spider01o.iglass.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=1073545218&renewal=true&xml=true".
    stuck: no
    key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='x'
    certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-renew-agent
    issuer: CN=Certificate Authority,O=IGLASS.NET
    subject: CN=spider01o.iglass.net,O=IGLASS.NET
    expires: 2016-11-03 16:24:27 UTC
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
    Request ID '20141114162522':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-IGLASS-NET',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-IGLASS-NET/pwdfile.txt'
    certificate: type=NSSDB,location='/etc/dirsrv/slapd-IGLASS-NET',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    issuer: CN=Certificate Authority,O=IGLASS.NET
    subject: CN=spider01o.iglass.net,O=IGLASS.NET
    expires: 2016-11-14 16:22:36 UTC
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
    Request ID '20141114162610':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
    certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    issuer: CN=Certificate Authority,O=IGLASS.NET
    subject: CN=spider01o.iglass.net,O=IGLASS.NET
    expires: 2016-11-14 16:22:42 UTC
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
    Request ID '20150604181945':
    status: MONITORING
    ca-error: Internal error: no response to "http://spider01o.iglass.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=5&renewal=true&xml=true".
    stuck: no
    key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='x'
    certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-renew-agent
    issuer: CN=Certificate Authority,O=IGLASS.NET
    subject: CN=CA Audit,O=IGLASS.NET
    expires: 2015-05-31 18:48:55 UTC
    key usage: digitalSignature,nonRepudiation
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
    Request ID '20150604181956':
    status: MONITORING
    ca-error: Internal error: no response to "http://spider01o.iglass.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=2&renewal=true&xml=true".
    stuck: no
    key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='x'
    certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-renew-agent
    issuer: CN=Certificate Authority,O=IGLASS.NET
    subject: CN=OCSP Subsystem,O=IGLASS.NET
    expires: 2015-05-31 18:48:54 UTC
    key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
    eku: id-kp-OCSPSigning
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
    Request ID '20150604182006':
    status: MONITORING
    ca-error: Internal error: no response to "http://spider01o.iglass.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=4&renewal=true&xml=true".
    stuck: no
    key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='x'
    certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-renew-agent
    issuer: CN=Certificate Authority,O=IGLASS.NET
    subject: CN=CA Subsystem,O=IGLASS.NET
    expires: 2015-05-31 18:48:54 UTC
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes
    Request ID '20150604182012':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
    certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
    CA: dogtag-ipa-renew-agent
    issuer: CN=Certificate Authority,O=IGLASS.NET
    subject: CN=IPA RA,O=IGLASS.NET
    expires: 2017-05-25 13:58:36 UTC
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes

    thanks again. -Marc

    On Fri, Jun 5, 2015 at 1:03 PM, John Desantis <desan...@mail.usf.edu> wrote:

        Marc,

        I experienced a similar issue earlier this year.

        Try restarting certmonger after temporarily changing the date back on
        the master.  In our case that service had failed miserably and it
        didn't allow FreeIPA to renew the certificates properly.

        Our replicas however were hit with a bug [1] during this process.  We
        applied the patched code and followed the same process and all was
        well.

        John DeSantis

        [1] https://fedorahosted.org/freeipa/ticket/4064


        2015-06-05 11:12 GMT-04:00 Marc Wiatrowski <w...@iglass.net>:
         > hello,
         >
         > I've got a problem with expired certificates in my ipa/IdM setup.  I believe
         > the root issue to be from the fact that when everything was first set up
         > about a year ago and everything was replicated from a first ipa server which
         > no longer exists.  There are currently 3 ipa servers but none of them are
         > the original.
         >
         > Couple days ago I started getting errors similar to
         > '(SSL_ERROR_EXPIRED_CERT_ALERT) SSL peer rejected your
         > certificate as expired' through the web management interface.  After
         > investigating with 'getcert list' I found that several certificates expired
         > at 2015-05-31 18:48:55 UTC.
         >
         > I found
         > http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master and
         > followed the procedure for ipa <4.0 and everything seemed to go as expected.
         > However this did not fix my issue.
         >
         > With more searching it looked like once the certificates are expired the
         > auto renew will not work.  Finding
         > https://www.freeipa.org/page/Howto/CA_Certificate_Renewal#Procedure_in_IPA_.3C_4.0
         > to try to manually renew I am stuck at the beginning with 'Give the CSR
         > to your external CA.'  I don't believe we had our certificates externally
         > signed.  They are whatever the original install put in place.  Setting the
         > date back in time wreaks havoc on our environment so I'm reluctant to leave
         > it for too long.  I can get what I believe is the original CSR from
         > /etc/pki-ca/CS.cfg but unsure what to do next or if this is even the road I
         > should be going down.
         >
         > Things seem to be working for the most part except trying to make updates.
         > Any help on what to do next, somewhere else to look, or if I'm going in the
         > right direction would be greatly appreciated.
         >
         > thanks,
         > Marc
         >
         > Info:
         > CentOS 6.5 with some current updates including
         > ipa-server-3.0.0-42.el6.centos.i686
         > certmonger-0.75.13-1.el6.i686
         >
         > $ getcert list-cas
         > CA 'SelfSign':
         > is-default: no
         > ca-type: INTERNAL:SELF
         > next-serial-number: 01
         > CA 'IPA':
         > is-default: no
         > ca-type: EXTERNAL
         > helper-location: /usr/libexec/certmonger/ipa-submit
         > CA 'certmaster':
         > is-default: no
         > ca-type: EXTERNAL
         > helper-location: /usr/libexec/certmonger/certmaster-submit
         > CA 'dogtag-ipa-renew-agent':
         > is-default: no
         > ca-type: EXTERNAL
         > helper-location: /usr/libexec/certmonger/dogtag-ipa-renew-agent-submit
         > CA 'local':
         > is-default: no
         > ca-type: EXTERNAL
         > helper-location: /usr/libexec/certmonger/local-submit
         > CA 'dogtag-ipa-retrieve-agent-submit':
         > is-default: no
         > ca-type: EXTERNAL
         > helper-location: /usr/libexec/certmonger/dogtag-ipa-retrieve-agent-submit
         >
         > $ getcert list
         > Number of certificates and requests being tracked: 9.
         > Request ID '20131204194012':
         > status: MONITORING
         > stuck: no
         > key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS Certificate DB'
         > certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS Certificate DB'
         > CA: IPA
         > issuer: CN=Certificate Authority,O=IGLASS.NET
         > subject: CN=spider01o,O=IGLASS.NET
         > expires: 2015-12-05 19:40:13 UTC
         > key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
         > eku: id-kp-serverAuth,id-kp-clientAuth
         > pre-save command:
         > post-save command:
         > track: yes
         > auto-renew: yes
         > Request ID '20141114162346':
         > status: MONITORING
         > stuck: no
         > key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
         > certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'
         > CA: IPA
         > issuer: CN=Certificate Authority,O=IGLASS.NET
         > subject: CN=spider01o.iglass.net,O=IGLASS.NET
         > expires: 2016-11-14 16:22:37 UTC
         > key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
         > eku: id-kp-serverAuth,id-kp-clientAuth
         > pre-save command:
         > post-save command:
         > track: yes
         > auto-renew: yes
         > Request ID '20141114162434':
         > status: MONITORING
         > ca-error: Internal error: no response to "http://spider01o.iglass.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=1073545218&renewal=true&xml=true".
         > stuck: no
         > key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='x'
         > certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
         > CA: dogtag-ipa-renew-agent
         > issuer: CN=Certificate Authority,O=IGLASS.NET
         > subject: CN=spider01o.iglass.net,O=IGLASS.NET
         > expires: 2016-11-03 16:24:27 UTC
         > key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
         > eku: id-kp-serverAuth
         > pre-save command:
         > post-save command:
         > track: yes
         > auto-renew: yes
         > Request ID '20141114162522':
         > status: MONITORING
         > stuck: no
         > key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-IGLASS-NET',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-IGLASS-NET/pwdfile.txt'
         > certificate: type=NSSDB,location='/etc/dirsrv/slapd-IGLASS-NET',nickname='Server-Cert',token='NSS Certificate DB'
         > CA: IPA
         > issuer: CN=Certificate Authority,O=IGLASS.NET
         > subject: CN=spider01o.iglass.net,O=IGLASS.NET
         > expires: 2016-11-14 16:22:36 UTC
         > key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
         > eku: id-kp-serverAuth,id-kp-clientAuth
         > pre-save command:
         > post-save command:
         > track: yes
         > auto-renew: yes
         > Request ID '20141114162610':
         > status: MONITORING
         > stuck: no
         > key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
         > certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
         > CA: IPA
         > issuer: CN=Certificate Authority,O=IGLASS.NET
         > subject: CN=spider01o.iglass.net,O=IGLASS.NET
         > expires: 2016-11-14 16:22:42 UTC
         > key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
         > eku: id-kp-serverAuth,id-kp-clientAuth
         > pre-save command:
         > post-save command:
         > track: yes
         > auto-renew: yes
         > Request ID '20150604181945':
         > status: CA_UNREACHABLE
         > ca-error: Error 35 connecting to https://spider01o.iglass.net:9443/ca/agent/ca/profileReview: SSL connect error.
         > stuck: no
         > key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='x'
         > certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
         > CA: dogtag-ipa-renew-agent
         > issuer: CN=Certificate Authority,O=IGLASS.NET
         > subject: CN=CA Audit,O=IGLASS.NET
         > expires: 2015-05-31 18:48:55 UTC
         > key usage: digitalSignature,nonRepudiation
         > pre-save command:
         > post-save command:
         > track: yes
         > auto-renew: yes
         > Request ID '20150604181956':
         > status: CA_UNREACHABLE
         > ca-error: Error 35 connecting to https://spider01o.iglass.net:9443/ca/agent/ca/profileReview: SSL connect error.
         > stuck: no
         > key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='x'
         > certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
         > CA: dogtag-ipa-renew-agent
         > issuer: CN=Certificate Authority,O=IGLASS.NET
         > subject: CN=OCSP Subsystem,O=IGLASS.NET
         > expires: 2015-05-31 18:48:54 UTC
         > key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
         > eku: id-kp-OCSPSigning
         > pre-save command:
         > post-save command:
         > track: yes
         > auto-renew: yes
         > Request ID '20150604182006':
         > status: CA_UNREACHABLE
         > ca-error: Error 35 connecting to https://spider01o.iglass.net:9443/ca/agent/ca/profileReview: SSL connect error.
         > stuck: no
         > key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='x'
         > certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
         > CA: dogtag-ipa-renew-agent
         > issuer: CN=Certificate Authority,O=IGLASS.NET
         > subject: CN=CA Subsystem,O=IGLASS.NET
         > expires: 2015-05-31 18:48:54 UTC
         > key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
         > eku: id-kp-serverAuth,id-kp-clientAuth
         > pre-save command:
         > post-save command:
         > track: yes
         > auto-renew: yes
         > Request ID '20150604182012':
         > status: CA_UNREACHABLE
         > ca-error: Error 35 connecting to https://spider01o.iglass.net:9443/ca/agent/ca/profileReview: SSL connect error.
         > stuck: no
         > key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
         > certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
         > CA: dogtag-ipa-renew-agent
         > issuer: CN=Certificate Authority,O=IGLASS.NET
         > subject: CN=IPA RA,O=IGLASS.NET
         > expires: 2015-05-31 18:49:37 UTC
         > key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
         > eku: id-kp-serverAuth,id-kp-clientAuth
         > pre-save command:
         > post-save command:
         > track: yes
         > auto-renew: yes
         >
         >
        > --
        > Manage your subscription for the Freeipa-users mailing list:
        > https://www.redhat.com/mailman/listinfo/freeipa-users
        > Go to http://freeipa.org for more info on the project





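As an added example (not part of the original thread and not certmonger code), the following Python script parses `getcert list` output of the shape quoted above and reports which tracked certificates are expired, which carry a `ca-error`, and the earliest expiry that a temporary clock rollback would have to precede. The function names and the reference time are assumptions; the sample is an excerpt of the thread's own output with wrapped lines rejoined.

```python
import re
from datetime import datetime, timezone

# Excerpt of the `getcert list` output quoted in this thread, wrapped lines
# rejoined and trimmed to the fields the parser uses.
SAMPLE = """\
Number of certificates and requests being tracked: 9.
Request ID '20141114162610':
status: MONITORING
stuck: no
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
expires: 2016-11-14 16:22:42 UTC
Request ID '20150604181945':
status: MONITORING
ca-error: Internal error: no response to "http://spider01o.iglass.net:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=5&renewal=true&xml=true".
stuck: no
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
expires: 2015-05-31 18:48:55 UTC
Request ID '20150604182012':
status: MONITORING
stuck: no
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
expires: 2017-05-25 13:58:36 UTC
"""


def parse_getcert_list(text):
    """Return one dict per tracked request (hypothetical helper name)."""
    requests, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # real output indents fields with a tab
        m = re.match(r"Request ID '([^']+)':$", line)
        if m:
            current = {"id": m.group(1)}
            requests.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only: ca-error values contain colons.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    for req in requests:
        nick = re.search(r"nickname='([^']*)'", req.get("certificate", ""))
        req["nickname"] = nick.group(1) if nick else None
        if "expires" in req:
            req["expires_at"] = datetime.strptime(
                req["expires"], "%Y-%m-%d %H:%M:%S UTC"
            ).replace(tzinfo=timezone.utc)
    return requests


def triage(requests, now):
    """Return (expired, failing, earliest expiry among the expired)."""
    expired = [r for r in requests
               if r.get("expires_at") and r["expires_at"] <= now]
    failing = [r for r in requests
               if "ca-error" in r or r.get("status") == "CA_UNREACHABLE"]
    earliest = min((r["expires_at"] for r in expired), default=None)
    return expired, failing, earliest


if __name__ == "__main__":
    # Constructed reference time, roughly when the listing was posted.
    now = datetime(2015, 6, 5, 19, 49, tzinfo=timezone.utc)
    expired, failing, earliest = triage(parse_getcert_list(SAMPLE), now)
    for r in expired:
        print(f"EXPIRED  {r['id']} {r['nickname']!r} via {r['CA']}: {r['expires']}")
    for r in failing:
        print(f"CA ERROR {r['id']} {r['nickname']!r}: {r.get('ca-error', r['status'])}")
    if earliest:
        print("Earliest expiry among expired certificates:", earliest.isoformat())
```

`getcert list` does not print the notBefore date, so the script cannot tell how far back a clock may go before recently issued certificates stop being valid.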