On Mon, Sep 12, 2016 at 9:48 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> Natxo Asenjo wrote:
>> hi,
>> I can reproduce this everytime. Restarting httpd fixes it for a while,
>> but then ik stops working:
>> $ ipa cert-show 1
>> ipa: ERROR: cannot connect to
>> 'https://kdc01.unix.domain.tld:443/ca/agent/ca/displayBySerial':
>> (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
>> unsupported format.
> It is very strange that it goes from a working to a non-working state.
> I have only two suggestions:
> 1. Create /etc/ipa/server.conf with a [global] section and debug=True in
> it, restart httpd. Your log will be quite a bit more verbose but given it
> reproduces so quickly hopefully won't be too big a deal. That might show
> something.
> 2. Try brute force with strace. Finding the right httpd process to strace
> can be frustrating but usually there are only 8 and they rotate so
> eventually you should get the right one.

Could I send you the log files privately?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to