I put excerpts from the ca logs in http://pastebin.com/gYgskU79. It
looks logical to me, but I can't spot anything that looks like a root
cause error. The selftests are all okay, I think. The debug log might
have something, but it might also just be complaining about ldap not
being up because it's not.
On 04/27/2016 01:11 PM, Rob Crittenden wrote:
Bret Wortman wrote:
So in lieu of fixing these certs, is there an acceptable way to dump
them all and start over /without losing the contents of the IPA
database/? Or otherwise really screwing ourselves?
I don't believe there is a way.
We have a replica that's still up and running and we've switched
everyone over to talking to it, but we're at risk with just the one.
I'd ignore the two unknown certs for now. They look like someone was
experimenting with issuing a cert and didn't quite get things working.
The CA seems to be throwing an error. I'd check the syslog for
messages from certmonger and look at the CA debug log and selftest log.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project