On 3/28/2016 10:00 AM, Rob Crittenden wrote:
Timothy Geier wrote:
Thanks for the procedure..the good news is this worked quite well in
making sure that 389 didn’t crash immediately after startup.  The bad
news is that the certificates still didn’t renew due to

Server at "http://master_server:8080/ca/ee/ca/profileSubmit

replied: Profile caServerCert Not Found

which was the same error in getcert list I saw that one time 389
didn’t crash right away.  At least now this can be further
troubleshooted without worrying about 389.

To follow up on this issue, we haven’t been able to get any further
since last month due to the missing caServerCert profile..the
configuration files /usr/share/pki/ca/profiles/ca/caServerCert.cfg
and /var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg are present
and are identical.   The pki-ca package
passes rpm -V as well.   Are there any other troubleshooting steps we
can take?

Maybe Endi or Ade have some ideas why the CA isn't recognizing the profile.


Fraser, is it possible the profile is missing from LDAP?

Timothy, could you provide us with the CA debug logs (/var/log/pki/pki-tomcat/ca/debug) and CA configuration file (/var/lib/pki/pki-tomcat/ca/conf/CS.cfg)?


Endi S. Dewata

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to