I put excerpts from the ca logs in http://pastebin.com/gYgskU79. It looks logical to me, but I can't spot anything that looks like a root cause error. The selftests are all okay, I think. The debug log might have something, but it might also just be complaining about ldap not being up because it's not.

On 04/27/2016 01:11 PM, Rob Crittenden wrote:
Bret Wortman wrote:
So in lieu of fixing these certs, is there an acceptable way to dump
them all and start over /without losing the contents of the IPA
database/? Or otherwise really screwing ourselves?

I don't believe there is a way.

We have a replica that's still up and running and we've switched
everyone over to talking to it, but we're at risk with just the one.

I'd ignore the two unknown certs for now. They look like someone was experimenting with issuing a cert and didn't quite get things working.

The CA seems to be throwing an error. I'd check the syslog for messages from certmonger and look at the CA debug log and selftest log.



Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to