Natxo Asenjo wrote:
hi,


On Mon, Sep 12, 2016 at 9:48 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

    Natxo Asenjo wrote:

        hi,

        I can reproduce this every time. Restarting httpd fixes it for a while,
        but then it stops working:

        $ ipa cert-show 1
        ipa: ERROR: cannot connect to
        'https://kdc01.unix.domain.tld:443/ca/agent/ca/displayBySerial':
        (SEC_ERROR_LEGACY_DATABASE) The certificate/key database is in an old,
        unsupported format.


    It is very strange that it goes from a working to a non-working state.

    I have only two suggestions:

    1. Create /etc/ipa/server.conf with a [global] section and
    debug=True in it, restart httpd. Your log will be quite a bit more
    verbose but given it reproduces so quickly hopefully won't be too
    big a deal. That might show something.

    2. Try brute force with strace. Finding the right httpd process to
    strace can be frustrating but usually there are only 8 and they
    rotate so eventually you should get the right one.


Could I send you the log files privately?

Sure.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
