On Mon, Aug 22, 2016 at 11:52:46PM +0000, Z D wrote: > Hello, > > There is the error on ver 4.2 while viewing certs: "IPA Error > 4301: CertificateOperationError", next it read " Certificate > operation cannot be completed: Unable to communicate with CMS > ([Errno 113] No route to host)". > > I suspect you'll be asking for below two commands, here are results. > > # ipa cert-show 1 > Certificate: > MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0BAQsFADA4MRYwFAYDVQQKDA1VUy5P > ..shortened ... > H6S7tS4pT9w77K8= > Subject: CN=Certificate Authority,O=COMP.COM > Issuer: CN=Certificate Authority,O=COMP.COM > Not Before: Wed Aug 17 17:20:41 2016 UTC > Not After: Sun Aug 17 17:20:41 2036 UTC > Fingerprint (MD5): 00:a5:2c:2d:ea:c8:27:33:62:35:75:53:12:6a:0d:c1 > Fingerprint (SHA1): > d1:58:78:83:31:b8:ad:ae:af:2c:e7:05:44:67:6e:3a:37:8c:00:1a > Serial number (hex): 0x1 > Serial number: 1 > > # ipactl restart > Restarting Directory Service > Restarting krb5kdc Service > Restarting kadmin Service > Restarting named Service > Restarting ipa_memcached Service > Restarting httpd Service > Restarting ipa-otpd Service > Restarting ipa-dnskeysyncd Service > ipa: INFO: The ipactl command was successful > > Any help is appreciated, thanks > Zarko >
"while viewing certs" -> do you mean in the IPA Web UI? The successful `cert-show' command indicates that the CA is up and running, but the error message indicates that the host running the failing action cannot contact the CA. You should check DNS and firewall settings as a first step. Thanks, Fraser -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
