As below, these are the 8 certs which certmonger is tracking:
root@ecnshlx3039-test2(SH):~ #getcert list
Number of certificates and requests being tracked: 8.
Request ID '20120704140859':
status: CA_UNREACHABLE
ca-error: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).
stuck: yes
key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-DRUTT-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-DRUTT-COM/pwdfile.txt'
certificate: type=NSSDB,location='/etc/dirsrv/slapd-DRUTT-COM',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=DRUTT.COM
subject: CN=ipa1.drutt.com,O=DRUTT.COM
expires: 2016-06-05 22:03:17 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv DRUTT-COM
track: yes
auto-renew: yes
Request ID '20120704140922':
status: CA_UNREACHABLE
ca-error: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).
stuck: yes
key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=DRUTT.COM
subject: CN=ipa1.drutt.com,O=DRUTT.COM
expires: 2016-06-05 22:03:17 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20120704141150':
status: CA_UNREACHABLE
ca-error: Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)).
stuck: yes
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=DRUTT.COM
subject: CN=ipa1.drutt.com,O=DRUTT.COM
expires: 2016-06-05 22:03:17 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_httpd
track: yes
auto-renew: yes
Request ID '20140605220249':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=DRUTT.COM
subject: CN=IPA RA,O=DRUTT.COM
expires: 2014-06-24 14:08:50 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20160527075219':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='565569846212'
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=DRUTT.COM
subject: CN=CA Audit,O=DRUTT.COM
expires: 2014-06-24 14:08:42 UTC
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20160527075220':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='565569846212'
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=DRUTT.COM
subject: CN=OCSP Subsystem,O=DRUTT.COM
expires: 2014-06-24 14:08:41 UTC
eku: id-kp-OCSPSigning
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20160527075221':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='565569846212'
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=DRUTT.COM
subject: CN=CA Subsystem,O=DRUTT.COM
expires: 2014-06-24 14:08:41 UTC
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20160527075222':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='565569846212'
certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=DRUTT.COM
subject: CN=ipa1.drutt.com,O=DRUTT.COM
expires: 2014-06-24 14:08:41 UTC
eku: id-kp-serverAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Following all the steps in the guide, the result is that just the first three
certificates are renewed to 20160622 if I set the system time to
20140623 (at which the four CA subsystem certs and CA cert are valid).
But the other five are not renewed at all (the four CA subsystem certs and
CA cert). There is no error information during these steps.
I googled a lot but still found nothing that could resolve it, and then I
found there was a similar thread:
https://www.redhat.com/archives/freeipa-users/2015-October/msg00174.html
But unfortunately the solution is not available for my issue either.
Since I am not familiar with FreeIPA, it bothers me so much.
Any help will be really appreciated. Thanks in advance!
Thanks,
BR//Kay
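
Added example, not part of the original post: a small triage script that parses `getcert list` output and reports every tracked request that is stuck, not in MONITORING, or already expired at a chosen reference time. The function names, the abridged sample and the reference date are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

FMT = "%Y-%m-%d %H:%M:%S UTC"   # timestamp layout used on the "expires:" line
# Constructed sample: two requests abridged from the fields shown in the post.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20120704140859':
status: CA_UNREACHABLE
stuck: yes
certificate: type=NSSDB,location='/etc/dirsrv/slapd-DRUTT-COM',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
expires: 2016-06-05 22:03:17 UTC
Request ID '20140605220249':
status: MONITORING
stuck: no
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
expires: 2014-06-24 14:08:50 UTC
"""

def parse_getcert(text):
    """Split `getcert list` output into one dict of fields per tracked request."""
    requests, cur = [], None
    for line in text.splitlines():
        m = re.match(r"\s*Request ID '([^']+)':", line)
        if m:
            cur = {"id": m.group(1)}
            requests.append(cur)
        elif cur is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            cur[key.strip()] = value.strip()
    return requests

def triage(requests, now):
    """Return (id, nickname, CA, findings) for each request needing attention."""
    report = []
    for r in requests:
        findings = []
        if r.get("stuck") == "yes" or r.get("status") != "MONITORING":
            findings.append("status " + r.get("status", "?"))
        exp = r.get("expires")
        when = exp and datetime.strptime(exp, FMT).replace(tzinfo=timezone.utc)
        if when and when <= now:
            findings.append("expired " + when.date().isoformat())
        nick = re.search(r"nickname='([^']*)'", r.get("certificate", ""))
        if findings:
            report.append((r["id"], nick.group(1) if nick else "?", r.get("CA", "?"), findings))
    return report

if __name__ == "__main__":  # reference date below is an assumed "today"
    print(*triage(parse_getcert(SAMPLE), datetime(2016, 5, 27, tzinfo=timezone.utc)), sep="\n")
```

Feeding it the real output with the clock value in use at each step shows which requests certmonger considers healthy (MONITORING) even though their certificates are past expiry.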