On 3/28/2016 10:00 AM, Rob Crittenden wrote:
Timothy Geier wrote:
Thanks for the procedure. The good news is this worked quite well in
making sure that 389 didn’t crash immediately after startup. The bad
news is that the certificates still didn’t renew due to

Server at "http://master_server:8080/ca/ee/ca/profileSubmit"

replied: Profile caServerCert Not Found

which was the same error in getcert list I saw that one time 389
didn’t crash right away.  At least now this can be further
troubleshooted without worrying about 389.



To follow up on this issue, we haven’t been able to get any further
since last month due to the missing caServerCert profile. The
configuration files /usr/share/pki/ca/profiles/ca/caServerCert.cfg
and /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg are present
and are identical. The pki-ca package passes rpm -V as well. Are there
any other troubleshooting steps we can take?

Maybe Endi or Ade have some ideas why the CA isn't recognizing the profile.

rob


Fraser, is it possible the profile is missing from LDAP?

Timothy, could you provide us with the CA debug logs (/var/log/pki/pki-tomcat/ca/debug) and CA configuration file (/var/lib/pki/pki-tomcat/ca/conf/CS.cfg)?

Thanks!

--
Endi S. Dewata

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
