hi,
On Mon, Sep 12, 2016 at 9:48 PM, Rob Crittenden <[email protected]> wrote:

> Natxo Asenjo wrote:
>
>> hi,
>>
>> I can reproduce this every time. Restarting httpd fixes it for a while,
>> but then it stops working:
>>
>> $ ipa cert-show 1
>> ipa: ERROR: cannot connect to
>> 'https://kdc01.unix.domain.tld:443/ca/agent/ca/displayBySerial':
>> (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
>> unsupported format.
>>
>
> It is very strange that it goes from a working to a non-working state.
>
> I have only two suggestions:
>
> 1. Create /etc/ipa/server.conf with a [global] section and debug=True in
> it, restart httpd. Your log will be quite a bit more verbose but given it
> reproduces so quickly hopefully won't be too big a deal. That might show
> something.
>
> 2. Try brute force with strace. Finding the right httpd process to strace
> can be frustrating but usually there are only 8 and they rotate so
> eventually you should get the right one.
>

Could I send you the log files privately?

--
Regards,
natxo
