hi

ipactl status result:
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING

getcert list result is:
[root@ipasrv ~]# getcert list
Number of certificates and requests being tracked: 8.
Request ID '20140817123522':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'
        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=CA Audit,O=EXAMPLE.COM
        expires: 2018-06-30 07:57:06 UTC
        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"
        track: yes
        auto-renew: yes
Request ID '20140817123523':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'
        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=OCSP Subsystem,O=EXAMPLE.COM
        expires: 2018-06-30 07:56:06 UTC
        eku: id-kp-OCSPSigning
        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "ocspSigningCert cert-pki-ca"
        track: yes
        auto-renew: yes
Request ID '20140817123524':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'
        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=CA Subsystem,O=EXAMPLE.COM
        expires: 2018-06-30 07:56:06 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
        post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "subsystemCert cert-pki-ca"
        track: yes
        auto-renew: yes
Request ID '20140817123525':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=IPA RA,O=EXAMPLE.COM
        expires: 2018-06-30 07:56:06 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
        track: yes
        auto-renew: yes
Request ID '20140817123526':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='247087063310'
        certificate: type=NSSDB,location='/var/lib/pki-ca/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
        CA: dogtag-ipa-renew-agent
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM
        expires: 2018-06-30 07:56:06 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
Request ID '20140817123534':
        status: MONITORING
        ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.
        stuck: no
        key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-EXAMPLE-COM/pwdfile.txt'
        certificate: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-COM',nickname='Server-Cert',token='NSS Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM
        expires: 2016-08-17 12:35:34 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv EXAMPLE-COM
        track: yes
        auto-renew: yes
Request ID '20140817123602':
        status: MONITORING
        ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.
        stuck: no
        key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-PKI-IPA/pwdfile.txt'
        certificate: type=NSSDB,location='/etc/dirsrv/slapd-PKI-IPA',nickname='Server-Cert',token='NSS Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM
        expires: 2016-08-17 12:36:02 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv PKI-IPA
        track: yes
        auto-renew: yes
Request ID '20140817123752':
        status: MONITORING
        ca-error: Error setting up ccache for local "host" service using default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.
        stuck: no
        key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=ipasrv.EXAMPLE.COM,O=EXAMPLE.COM
        expires: 2016-08-17 12:37:51 UTC
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/lib64/ipa/certmonger/restart_httpd
        track: yes
        auto-renew: yes


From: Rob Crittenden <rcrit...@redhat.com>
To: mohammad sereshki <mohammadseres...@yahoo.com>; Freeipa-users <freeipa-users@redhat.com>
Sent: Saturday, July 23, 2016 11:30 PM
Subject: Re: [Freeipa-users] ipa-getcert shows error
   
mohammad sereshki wrote:
> hi
>
> I get below error
> ca-error: Error setting up ccache for local "host" service using default
> keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.

I'm guessing IPA is not running, or not completely running. ipactl 
status will tell you.

> when I run ipa-getcert list, also how can I check my CAs are renewed or not?

Use just getcert and not ipa-getcert (ipa-getcert returns just a subset 
of all certificates being tracked).

rob


  
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
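
Added example (not part of the original thread, and not code from FreeIPA or certmonger): a small parser for `getcert list` output that reports which tracked requests carry a `ca-error` or are close to expiry, which is the check asked about above. The function names, the 28-day `warn_days` threshold and the embedded sample are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in `getcert list` format; the ca-error line is mail-wrapped.
SAMPLE = """\
Request ID '20140817123525':
        status: MONITORING
        stuck: no
        CA: dogtag-ipa-renew-agent
        expires: 2018-06-30 07:56:06 UTC
Request ID '20140817123752':
        status: MONITORING
        ca-error: Error setting up ccache for local "host" service using
default keytab: Cannot contact any KDC for realm 'EXAMPLE.COM'.
        stuck: no
        CA: IPA
        expires: 2016-08-17 12:37:51 UTC
"""

FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z -]*):\s*(.*)$")

def parse_getcert(text):
    """Split `getcert list` output into one dict per tracking request."""
    requests, cur, last = [], None, None
    for line in text.splitlines():
        m = re.match(r"^Request ID '(\d+)':", line)
        if m:
            cur, last = {"id": m.group(1)}, None
            requests.append(cur)
        elif cur is not None and (f := FIELD.match(line)):
            last = f.group(1)
            cur[last] = f.group(2).strip()
        elif cur is not None and last and line.strip():
            # Unindented text continues the previous field (wrapped line).
            cur[last] = (cur[last] + " " + line.strip()).strip()
    return requests

def findings(requests, now, warn_days=28):
    """Return (request id, reason) pairs; warn_days is this example's own threshold."""
    out = []
    for r in requests:
        if r.get("status") != "MONITORING" or r.get("stuck") == "yes":
            out.append((r["id"], "status %s, stuck %s" % (r.get("status"), r.get("stuck"))))
        if "ca-error" in r:
            out.append((r["id"], "ca-error: " + r["ca-error"]))
        if "expires" in r:
            exp = datetime.strptime(r["expires"], "%Y-%m-%d %H:%M:%S UTC")
            if exp.replace(tzinfo=timezone.utc) - now <= timedelta(days=warn_days):
                out.append((r["id"], "expires " + r["expires"]))
    return out
```

Call `findings(parse_getcert(text), datetime.now(timezone.utc))` on the saved output of `getcert list`; an empty result means every tracked request is in MONITORING, has no `ca-error`, and is outside the warning window.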
